Skip to main content

Personal Access Tokens

Personal access tokens are intended to access membership system resources on behalf of yourself.

A token has the same capabilities to access resources and perform actions on those resources that the owner of the token has, and is further limited by any scopes or permissions granted to the token. A token cannot grant additional access capabilities to a user.

Create a new personal access token

To create a new personal access token:

  • Head to My Account by logging in and clicking your profile in the top right of the page.
  • Select Personal Access Tokens
  • Press Create PAT
  • Name your token. This will help you identify your token later.
  • Press Generate PAT.
  • Your token will be generated and displayed to you. Please note down your token immediately as we won't display it to you again.

Keeping your tokens secure

You should treat tokens like a password and never share them with others. Tokens may be able to perform any action that can be performed by your account.

If you suspect a token may be compromised, you should revoke it immediately.

Revoking tokens

When a token is no longer required, or you think it has been compromised, you should revoke it.

To revoke a token:

  • Head to My Account by logging in and clicking your profile in the top right of the page.
  • Select Personal Access Tokens
  • Your personal access tokens will be listed. Press Revoke next to the token you wish to revoke.
  • Confirm that you want to revoke the token.
  • The token will be revoked and can no longer be used to authenticate to the SCDS Membership API.

Token expiry

By default, personal access tokens will expire after one year. You cannot extend this duration and will need to generate a new token when it expires.