- Introduction
- Getting Started
- Gitpod Tutorial
- Use Cases
- Languages
- Configure
- Workspaces
- User settings
- Repositories
- Organizations
- Authentication
- Billing
- References
- .gitpod.yml
- IDEs & editors
- Integrations
- Gitpod CLI
- Gitpod API
- Gitpod URL
- Compatibility
- Enterprise
- Guides
- Background
- Reference
- Help
- Contribute
- Troubleshooting
Access Tokens
Access Tokens are currently in Beta · Send feedback.
Access tokens are personal secrets that allow you to interact with Gitpod programmatically through the Gitpod CLI. When you use an access token with Gitpod, all performed actions assume the authorization of the user who created the token.
Permissions (Scopes)
Each Access Token either has:
- No Access.
- Full Access to Resources and APIs which the token owner also has access to.
By default, an Access Token has No Access. You need to explicitly select Full Access to successfully authorize.
In the future, we will expand Access Tokens with fine grained permissions.
Expiration
All Access Tokens have an expiration time. When a token expires, requests made with the token will fail with Unauthorized. When a token expires, you can regenerate it.
Managing Access Tokens
Listing Access Tokens
You can list your Access Tokens in your user Settings, or by going to gitpod.io/tokens.
Creating an Access Token
You can create an Access Token by navigating to gitpod.io/tokens or through Settings > Access Tokens. Clicking New Access Token will prompt you to specify details of the token.
- Your access tokens will automatically expire after the specified duration.
- Once you create an Access Token, it will be shown to you once. Make sure you store it in a secure place, you will not be able to retrieve it again.
Updating an Access Token
Access Token can be updated. You can update the following properties on a token:
- Name
- Permission scopes
When you update a token, the token secret remains unaffected and you can continue to use it, until it expires.
Regenerating Access Tokens
Access Token can be regenerated. Regenerating a token will:
- Create a new token secret, which you’ll need to store in a secure place and replace your old one.
- The new token will have a new expiration time.
- The old token will no longer be valid and will receive Unauthorized when interacting with APIs.
Deleting Access Tokens
Personal Access token can be deleted. Once deleted, the token is no longer valid for interaction with APIs.