Personal tokens is one of the two ways supported by Space to authenticate and authorize API requests sent by external applications to Space to retreive and manipulate data.
You can create a personal token in your profile and then provide it to your external application.
Your personal token authenticates the external application on your behalf.
When creating a token, you can grant it a limited set of permissions, restricting access to data and actions. You can only assign permissions that you have yourself.
Your personal token is a permanent token, i.e. it never expires. Nontheless, you can revoke and replace it at any time should you suspect unauthorized access or as a preventive measure.
Create a personal token
Navigate to your profile.
On the profile sidebar, choose Security and go to the Personal Tokens tab.
Click New personal token.
Give your new token a distinctive name.
Specify the access scope for the token:
Choose Full access to grant all the permissions that you have.
Choose Limited access to limit the scope to specific permissions.
Click Select permissions and choose permissions from the list.
A dialog window with the new token will be displayed:
Copy the token and store it in a secure location. Use the token in your external application to authenticate and authorize API requests to Space resources.
After you've copied the token, the dialog closes and the token is displayed. You can update or revoke it at any time.
Update (edit) a personal token
You can edit your existing personal token configuration:
Change its name.
Edit the access scope by adding or removing permissions.
Revoke a personal token
Personal tokens do not have an expiration date, making it easy for a perpetrator to repeatedly gain access once they get hold of the token. If you suspect unauthorised activity, you can revoke the token associated with the compromised connection.