A Personal Access Token (PAT) in Hoppscotch acts as a secure authentication method, allowing you to smoothly link your Hoppscotch API client, on Hoppscotch cloud or self-host, with the Hoppscotch CLI.

Generating Personal Access Token

Follow these steps to create a new token, manage its settings. Personal access tokens cannot be used to access data in your personal workspace.

  1. Login into the Hoppscotch API client using your credentials.

  2. Once logged in, navigate to your profile settings by clicking on your profile icon, located in the top right corner of the screen.

  3. In the profile settings menu, locate and click on Personal Access Tokens.

  4. Within the Personal Access Tokens section, find the option to “Generate New Token” and click on it.

  5. Provide a brief description under Label to remind yourself of the token’s purpose and select an expiration date for the token. Options typically include 7 days, 30 days, 60 days, 90 days, or set it to never expire.

Once a Personal Access Token (PAT) is generated with read-only access permissions, it cannot be modified. Please review the token settings carefully before generating it to ensure it meets your access requirements.
  1. After generating the token, it will be securely displayed. Use the copy icon to copy the token to your clipboard for immediate use.

  2. If you decide that you no longer need the token, you can delete it by navigating back to your profile page.

Remember, deleted tokens cannot be recovered.
  1. Once you’ve copied or saved your PAT, you can use it to authenticate API requests across different Hoppscotch services.

Enterprise Token Management

In Self-Hosted Enterprise settings, users with Admin privileges have additional capabilities for managing Personal Access Tokens (PATs).

  1. Admin can oversee and manage tokens generated by all users within the enterprise environment.
  2. An Admin also possesses the authority to delete tokens under their purview. This capability ensures compliance with security protocols and allows for the removal of tokens that are no longer necessary or have expired.