debian-mirror-gitlab/doc/user/profile/personal_access_tokens.md

---
type: concepts, howto
---

# Personal access tokens

> [Introduced][ce-3749] in GitLab 8.8.

If you're unable to use [OAuth2](../../api/oauth2.md), you can use a personal access token to authenticate with the [GitLab API][api].

You can also use personal access tokens with Git to authenticate over HTTP or SSH. Personal access tokens are required when [Two-Factor Authentication (2FA)][2fa] is enabled. In both cases, you can authenticate with a token in place of your password.

Personal access tokens expire on the date you define, at midnight UTC.

For examples of how you can use a personal access token to authenticate with the API, see the following section from our [API Docs](../../api/README.md#personal-access-tokens).

## Creating a personal access token

You can create as many personal access tokens as you like from your GitLab
profile.

1. Log in to GitLab.
1. In the upper-right corner, click your avatar and select **Settings**.
1. On the  **User Settings** menu, select **Access Tokens**.
1. Choose a name and optional expiry date for the token.
1. Choose the [desired scopes](#limiting-scopes-of-a-personal-access-token).
1. Click the **Create personal access token** button.
1. Save the personal access token somewhere safe. Once you leave or refresh
   the page, you won't be able to access it again.

### Revoking a personal access token

At any time, you can revoke any personal access token by clicking the
respective **Revoke** button under the **Active Personal Access Token** area.

## Limiting scopes of a personal access token

Personal access tokens can be created with one or more scopes that allow various
actions that a given token can perform. The available scopes are depicted in
the following table.

| Scope              | Introduced in | Description |
| ------------------ | ------------- | ----------- |
| `read_user`        | [GitLab 8.15](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/5951)   | Allows access to the read-only endpoints under `/users`. Essentially, any of the `GET` requests in the [Users API][users] are allowed. |
| `api`              | [GitLab 8.15](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/5951)   | Grants complete read/write access to the API, including all groups and projects, the container registry, and the package registry. |
| `read_registry`    | [GitLab 9.3](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/11845)   | Allows to read (pull) [container registry] images if a project is private and authorization is required. |
| `sudo`             | [GitLab 10.2](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/14838)  | Allows performing API actions as any user in the system (if the authenticated user is an admin). |
| `read_repository`  | [GitLab 10.7](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/17894)  | Allows read-only access (pull) to the repository through `git clone`. |
| `write_repository` | [GitLab 11.11](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/26021) | Allows read-write access (pull, push) to the repository through `git clone`. Required for accessing Git repositories over HTTP when 2FA is enabled. |

[2fa]: ../account/two_factor_authentication.md
[api]: ../../api/README.md
[ce-3749]: https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/3749
[container registry]: ../packages/container_registry/index.md
[users]: ../../api/users.md
[usage]: ../../api/README.md#personal-access-tokens

<!-- ## Troubleshooting

Include any troubleshooting steps that you can foresee. If you know beforehand what issues
one might have when setting this up, or when something is changed, or on upgrading, it's
important to describe those, too. Think of things that may go wrong and include them here.
This is important to minimize requests for support, and to avoid doc comments with
questions that you know someone might ask.

Each scenario can be a third-level heading, e.g. `### Getting error message X`.
If you have none to add when creating a doc, leave this section in place
but commented out to help encourage others to add to it in the future. -->
New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`---`
			`type: concepts, howto`
			`---`

New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`# Personal access tokens`

			`> [Introduced][ce-3749] in GitLab 8.8.`

New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`If you're unable to use [OAuth2](../../api/oauth2.md), you can use a personal access token to authenticate with the [GitLab API][api].`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`You can also use personal access tokens with Git to authenticate over HTTP or SSH. Personal access tokens are required when [Two-Factor Authentication (2FA)][2fa] is enabled. In both cases, you can authenticate with a token in place of your password.`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`Personal access tokens expire on the date you define, at midnight UTC.`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`For examples of how you can use a personal access token to authenticate with the API, see the following section from our [API Docs](../../api/README.md#personal-access-tokens).`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
			`## Creating a personal access token`

			`You can create as many personal access tokens as you like from your GitLab`
			`profile.`

New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`1. Log in to GitLab.`
			`1. In the upper-right corner, click your avatar and select Settings.`
			`1. On the User Settings menu, select Access Tokens.`
			`1. Choose a name and optional expiry date for the token.`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`1. Choose the [desired scopes](#limiting-scopes-of-a-personal-access-token).`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`1. Click the Create personal access token button.`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`1. Save the personal access token somewhere safe. Once you leave or refresh`
			`the page, you won't be able to access it again.`

New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`### Revoking a personal access token`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`At any time, you can revoke any personal access token by clicking the`
			`respective Revoke button under the Active Personal Access Token area.`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
			`## Limiting scopes of a personal access token`

			`Personal access tokens can be created with one or more scopes that allow various`
			`actions that a given token can perform. The available scopes are depicted in`
			`the following table.`

New upstream version 12.0.8 2019-09-04 21:01:54 +05:30			`\| Scope \| Introduced in \| Description \|`
			`\| ------------------ \| ------------- \| ----------- \|`
New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			\| `read_user` \| [GitLab 8.15](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/5951) \| Allows access to the read-only endpoints under `/users`. Essentially, any of the `GET` requests in the [Users API][users] are allowed. \|
			\| `api` \| [GitLab 8.15](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/5951) \| Grants complete read/write access to the API, including all groups and projects, the container registry, and the package registry. \|
			\| `read_registry` \| [GitLab 9.3](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/11845) \| Allows to read (pull) [container registry] images if a project is private and authorization is required. \|
			\| `sudo` \| [GitLab 10.2](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/14838) \| Allows performing API actions as any user in the system (if the authenticated user is an admin). \|
			\| `read_repository` \| [GitLab 10.7](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/17894) \| Allows read-only access (pull) to the repository through `git clone`. \|
			\| `write_repository` \| [GitLab 11.11](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/26021) \| Allows read-write access (pull, push) to the repository through `git clone`. Required for accessing Git repositories over HTTP when 2FA is enabled. \|
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
			`[2fa]: ../account/two_factor_authentication.md`
			`[api]: ../../api/README.md`
New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`[ce-3749]: https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/3749`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`[container registry]: ../packages/container_registry/index.md`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`[users]: ../../api/users.md`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`[usage]: ../../api/README.md#personal-access-tokens`
New upstream version 12.2.8 2019-10-12 21:52:04 +05:30
			`<!-- ## Troubleshooting`

			`Include any troubleshooting steps that you can foresee. If you know beforehand what issues`
			`one might have when setting this up, or when something is changed, or on upgrading, it's`
			`important to describe those, too. Think of things that may go wrong and include them here.`
			`This is important to minimize requests for support, and to avoid doc comments with`
			`questions that you know someone might ask.`

			Each scenario can be a third-level heading, e.g. `### Getting error message X`.
			`If you have none to add when creating a doc, leave this section in place`
			`but commented out to help encourage others to add to it in the future. -->`