Skip to content

User Access Tokens

As an organization owner or admin, you can view and manage all personal access tokens (PATs) created by your organization’s members from a single, centralized page. This allows you to monitor API usage and enhance security by revoking tokens when necessary.

To manage access tokens of your organization, go to Organization Settings > User access tokens.

The User access tokens page displays a list of all active personal access tokens within your organization.

User Access Tokens page

The table provides the following information for each token:

  • Name: The descriptive name given to the token upon creation.
  • Token: A partially masked version of the token for identification.
  • Created By: The organization member who generated the token.
  • Created: The date the token was created.
  • Last used: The date the token was last used to make an API request.
  • Expires: The token’s expiration date. A value of “never” indicates the token does not expire.

You can revoke any member’s personal access token at any time. This is useful if a token is compromised, associated with a former employee, or no longer needed.

To revoke a token, follow these steps:

  1. Go to Organization Settings > User access tokens.
  2. Find the token you wish to revoke in the list and click Revoke next to it.

Read more about Access Tokens.

Was this page helpful?