Skip to content

Personal Access Tokens Enterprise

A personal access token is a long-lived token created in the TestGen UI and used to authenticate to the REST API and the MCP server. A token carries the identity of the user who created it: requests made with it use that user's permissions on each project. Any logged-in user can create and manage their own tokens — no administrator action is needed.

Note

Treat a personal access token like a password. Anyone who has it can act as the user who created it, with the same permissions, until the token expires or is revoked. See User Access for role details.

Create a token

  1. Open Account Settings from your account button at the bottom of the sidebar, then go to the Personal Access Tokens section.
  2. Click Create Token.
  3. Enter a Name that identifies where the token will be used, for example ci-deploy.
  4. Set Expires in — choose a preset or pick a custom date. The longest lifetime available is set by an administrator.
  5. Click Create.
  6. Copy the token and store it securely, such as in a secret manager or a CI provider's secrets.

Warning

The token is shown only once, at creation. It cannot be retrieved later — if it is lost, revoke it and create a new one.

Use the token to authenticate with the REST API and the MCP server.

View tokens

The Personal Access Tokens section lists your tokens, with the date each was created, when it expires or was revoked, and its status:

Status Meaning
Active The token is valid and can authenticate requests.
Expired The token has passed its expiration date and can no longer authenticate.
Revoked The token was revoked and can no longer authenticate.

Revoke a token

Revoke a token to end its access before it expires — for example, if it was exposed or is no longer needed.

  1. Open Account Settings from your account button at the bottom of the sidebar, then go to the Personal Access Tokens section.
  2. Find the token in the list and click the revoke icon in its row.
  3. Confirm.

A revoked token stops working immediately and cannot be restored. Create a new token if you need to restore access.