Auth Tokens

Personal auth tokens are one of the ways to authenticate and authorize API requests sent by external applications to CodeCanvas to retrieve and manipulate data.

You can create a personal token in your CodeCanvas account and then provide it to your external application.
Your personal token authenticates the external application on your behalf.
When creating a token, you can grant it a limited set of permissions, restricting access to data and actions. You can only assign permissions that you have yourself.
Your personal token is a permanent token, i.e., it never expires. Nonetheless, you can revoke and replace it at any time should you suspect unauthorized access or as a preventive measure.

Create a personal token

On the sidebar menu, click your name and select Auth Tokens.
Click New personal token.
Give your new token a distinctive name.
Specify the access scope for the token:
- Select Full access to grant all the permissions that you have.
- Select Limited access to limit the scope to specific permissions.
  Choose the context, then select permissions from the list.
Click Create.
Copy the token and store it in a secure location. Use the token in your external application to authenticate and authorize API requests to CodeCanvas resources.
You must copy the token at this point. When you close the dialog, you won't be able to access the token again. If you close the dialog accidentally, the only way to obtain a token is to create a new one.
After you've copied the token, the dialog closes and the token is displayed. You can update or revoke it at any time.

Update (edit) a personal token

You can edit your existing personal token configuration:

Change its name.
Edit the access scope by adding or removing permissions.

On the sidebar menu, click your name and select Auth Tokens.
Locate the token you want to edit and click Update.
Edit the token as described in the instruction above.

Revoke a personal token

Personal tokens don't have an expiration date, making it easy for a perpetrator to repeatedly gain access once they get hold of the token. If you suspect unauthorized activity, you can revoke the token associated with the compromised connection.

On the sidebar menu, click your name and select Auth Tokens.
Locate the token you want to revoke and click Update.
Edit the token as described in the Revoke.
The token will be disabled and removed from the list of your personal tokens.

Last modified: 02 July 2024