debian-mirror-gitlab/doc/user/profile/personal_access_tokens.md

# Personal access tokens

> [Introduced][ce-3749] in GitLab 8.8.

Personal access tokens are the preferred way for third party applications and scripts to
authenticate with the [GitLab API][api], if using [OAuth2](../../api/oauth2.md) is not practical.

You can also use personal access tokens to authenticate against Git over HTTP or SSH. They must be used when you have [Two-Factor Authentication (2FA)][2fa] enabled. Authenticate with a token in place of your password.

To make [authenticated requests to the API][usage], use either the `private_token` parameter or the `Private-Token` header.

The expiration of personal access tokens happens on the date you define,
at midnight UTC.

## Creating a personal access token

You can create as many personal access tokens as you like from your GitLab
profile.

1. Log in to GitLab.
1. In the upper-right corner, click your avatar and select **Settings**.
1. On the  **User Settings** menu, select **Access Tokens**.
1. Choose a name and optional expiry date for the token.
1. Choose the [desired scopes](#limiting-scopes-of-a-personal-access-token).
1. Click the **Create personal access token** button.
1. Save the personal access token somewhere safe. Once you leave or refresh
   the page, you won't be able to access it again.

### Revoking a personal access token

At any time, you can revoke any personal access token by clicking the
respective **Revoke** button under the **Active Personal Access Token** area.

## Limiting scopes of a personal access token

Personal access tokens can be created with one or more scopes that allow various
actions that a given token can perform. The available scopes are depicted in
the following table.

| Scope              | Introduced in | Description |
| ------------------ | ------------- | ----------- |
| `read_user`        | [GitLab 8.15](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5951)   | Allows access to the read-only endpoints under `/users`. Essentially, any of the `GET` requests in the [Users API][users] are allowed. |
| `api`              | [GitLab 8.15](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5951)   | Grants complete access to the API and Container Registry (read/write). |
| `read_registry`    | [GitLab 9.3](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11845)   | Allows to read (pull) [container registry] images if a project is private and authorization is required. |
| `sudo`             | [GitLab 10.2](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/14838)  | Allows performing API actions as any user in the system (if the authenticated user is an admin). |
| `read_repository`  | [GitLab 10.7](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/17894)  | Allows read-only access (pull) to the repository through git clone. |
| `write_repository` | [GitLab 11.11](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26021) | Allows read-write access (pull, push) to the repository through git clone. Required for accessing Git repositories over HTTP when 2FA is enabled. |

[2fa]: ../account/two_factor_authentication.md
[api]: ../../api/README.md
[ce-3749]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3749
[container registry]: ../project/container_registry.md
[users]: ../../api/users.md
[usage]: ../../api/README.md#personal-access-tokens
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`# Personal access tokens`

			`> [Introduced][ce-3749] in GitLab 8.8.`

New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`Personal access tokens are the preferred way for third party applications and scripts to`
			`authenticate with the [GitLab API][api], if using [OAuth2](../../api/oauth2.md) is not practical.`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`You can also use personal access tokens to authenticate against Git over HTTP or SSH. They must be used when you have [Two-Factor Authentication (2FA)][2fa] enabled. Authenticate with a token in place of your password.`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			To make [authenticated requests to the API][usage], use either the `private_token` parameter or the `Private-Token` header.
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
			`The expiration of personal access tokens happens on the date you define,`
			`at midnight UTC.`

			`## Creating a personal access token`

			`You can create as many personal access tokens as you like from your GitLab`
			`profile.`

New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`1. Log in to GitLab.`
			`1. In the upper-right corner, click your avatar and select Settings.`
			`1. On the User Settings menu, select Access Tokens.`
			`1. Choose a name and optional expiry date for the token.`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`1. Choose the [desired scopes](#limiting-scopes-of-a-personal-access-token).`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`1. Click the Create personal access token button.`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`1. Save the personal access token somewhere safe. Once you leave or refresh`
			`the page, you won't be able to access it again.`

New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`### Revoking a personal access token`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`At any time, you can revoke any personal access token by clicking the`
			`respective Revoke button under the Active Personal Access Token area.`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
			`## Limiting scopes of a personal access token`

			`Personal access tokens can be created with one or more scopes that allow various`
			`actions that a given token can perform. The available scopes are depicted in`
			`the following table.`

New upstream version 12.0.8 2019-09-04 21:01:54 +05:30			`\| Scope \| Introduced in \| Description \|`
			`\| ------------------ \| ------------- \| ----------- \|`
			\| `read_user` \| [GitLab 8.15](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5951) \| Allows access to the read-only endpoints under `/users`. Essentially, any of the `GET` requests in the [Users API][users] are allowed. \|
			\| `api` \| [GitLab 8.15](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5951) \| Grants complete access to the API and Container Registry (read/write). \|
			\| `read_registry` \| [GitLab 9.3](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11845) \| Allows to read (pull) [container registry] images if a project is private and authorization is required. \|
			\| `sudo` \| [GitLab 10.2](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/14838) \| Allows performing API actions as any user in the system (if the authenticated user is an admin). \|
			\| `read_repository` \| [GitLab 10.7](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/17894) \| Allows read-only access (pull) to the repository through git clone. \|
			\| `write_repository` \| [GitLab 11.11](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26021) \| Allows read-write access (pull, push) to the repository through git clone. Required for accessing Git repositories over HTTP when 2FA is enabled. \|
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
			`[2fa]: ../account/two_factor_authentication.md`
			`[api]: ../../api/README.md`
			`[ce-3749]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3749`
			`[container registry]: ../project/container_registry.md`
			`[users]: ../../api/users.md`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`[usage]: ../../api/README.md#personal-access-tokens`