Personal Tokens

Personal tokens is one of the two ways supported by Space to authenticate and authorize API requests sent by external applications to Space to retrieve and manipulate data.

You can create a personal token in your Space account and then provide it to your external application.
Your personal token authenticates the external application on your behalf.
When creating a token, you can grant it a limited set of permissions, restricting access to data and actions. You can only assign permissions that you have yourself.
Your personal token is a permanent token, i.e. it never expires. Nonetheless, you can revoke and replace it at any time should you suspect unauthorized access or as a preventive measure.

Create a personal token

On the top left, click your avatar then choose Preferences → Personal Tokens.
Click New personal token.
Give your new token a distinctive name.
Specify the access scope for the token:
- Choose Full access to grant all the permissions that you have.
- Choose Limited access to limit the scope to specific permissions.
  Choose the context (global, some project or chat channel) then select permissions from the list.
Click Create.
A dialog window with the new token will be displayed:
Copy the token and store it in a secure location. Use the token in your external application to authenticate and authorize API requests to Space resources.
You must copy the token at this point. When you close the dialog, you won't be able to access the token again. If you close the dialog accidentally, the only way to obtain a token is to create a new one.
After you've copied the token, the dialog closes and the token is displayed. You can update or revoke it at any time.

Update (edit) a personal token

You can edit your existing personal token configuration:

Change its name.
Edit the access scope by adding or removing permissions.

On the top left, click your avatar then choose Preferences → Personal Tokens.
Locate the token you want to edit and click Update.
Edit the token as described in the instruction above.

Revoke a personal token

Personal tokens do not have an expiration date, making it easy for a perpetrator to repeatedly gain access once they get hold of the token. If you suspect unauthorised activity, you can revoke the token associated with the compromised connection.

On the top left, click your avatar then choose Preferences → Personal Tokens.
Locate the token you want to revoke and click Update.
Edit the token as described in the Revoke.
The token will be disabled and removed from the list of your personal tokens.

Last modified: 31 January 2023