Set Up Personal Access Tokens
How to create and use personal access tokens for automation and non-interactive API access.
Personal access tokens are the supported credential for external API usage. Use them for scripts, backend services, generated clients, and operational tooling.
PATs are sent directly as bearer credentials:
curl -H "Authorization: Bearer $PIX_PAT" "$API_BASE/v1/auth/tokens"Do not use browser session cookies for external clients. Cookies are tied to interactive session behavior, refresh rotation, and browser CSRF protections.
Create A Token
Authenticated users can create PATs through POST /v1/auth/tokens.
{
"name": "nightly-import",
"expiresAt": "2026-12-31T23:59:59Z",
"permissions": []
}The API returns the full token once. Store it in the secret manager for the calling system.
List And Revoke
Use GET /v1/auth/tokens to list token metadata. The secret value is not returned after creation.
Use DELETE /v1/auth/tokens/{tokenId} to revoke a token. Revocation takes effect for future requests.
Scalar
Scalar still supports bearer authentication. Paste a PAT into the bearer auth field when testing external-client behavior. If you are signed in through the browser session on the same API host, Scalar requests can also use the HttpOnly session cookie automatically.