JetBrains Space Help

Personal Tokens

Personal tokens is one of the two ways supported by Space to authenticate and authorize API requests sent by external applications to Space to retreive and manipulate data.

  • You can create a personal token in your profile and then provide it to your external application.

  • Your personal token authenticates the external application on your behalf.

  • When creating a token, you can grant it a limited set of permissions, restricting access to data and actions. You can only assign permissions that you have yourself.

  • Your personal token is a permanent token, i.e. it never expires. Nontheless, you can revoke and replace it at any time should you suspect unauthorized access or as a preventive measure.

Create a personal token

  1. Navigate to your profile.

  2. On the Profile sidebar, choose Personal Tokens.

  3. Click New personal token.

  4. Give your new token a distinctive name.

  5. Specify the access scope for the token:

    • Choose Full access to grant all the permissions that you have.

    • Choose Limited access to limit the scope to specific permissions.

      Click Select permissions and choose permissions from the list.

    newPersonalToken.png
  6. Click Create.

    A dialog window with the new token will be displayed:

    personalTokenCopy.png
  7. Copy the token and store it in a secure location. Use the token in your external application to authenticate and authorize API requests to Space resources.

  8. After you've copied the token, the dialog closes and the token is displayed. You can update or revoke it at any time.

Update (edit) a personal token

You can edit your existing personal token configuration:

  • Change its name.

  • Edit the access scope by adding or removing permissions.

  1. Navigate to your profile.

  2. On the Profile sidebar, choose Personal Tokens.

  3. Locate the token you want to edit and click Update.

  4. Edit the token as described in the instruction above.

Revoke a personal token

Personal tokens do not have an expiration date, making it easy for a perpetrator to repeatedly gain access once they get hold of the token. If you suspect unauthorised activity, you can revoke the token associated with the compromised connection.

  1. Navigate to your profile.

  2. On the Profile sidebar, choose Personal Tokens.

  3. Locate the token you want to revoke and click Update.

  4. Edit the token as described in the Revoke.

    The token will be disabled and removed from the list of your personal tokens.

Last modified: 25 December 2020