Automation Cloud
latest
false
Banner background image
Automation Cloud API Guide
Last updated Apr 1, 2024

Personal Access Tokens

Personal Access Tokens (PATs) allow you to access UiPath services and resources with ease while maintaining a high level of security.

What are Personal Access Tokens?

A Personal Access Token is a unique alphanumeric string that serves as a substitute for your credentials when interacting with our APIs and services. Instead of providing your username and password directly, you can generate a Personal Access Token that grants you controlled access to specific UiPath resources.

Note:

PATs are only available for local users. They are not available for directory users or SAML.

Benefits of using tokens for authentication

Using Personal Access Tokens for authentication offers several key benefits:

  1. Enhanced security: PATs reduce the risk of exposing your primary credentials, since they're used in place of your username and password.

  2. Fine-grained access control: With scopes and permissions, you can precisely define the level of access each token has, allowing you to limit actions to only what's necessary.

  3. Expiration date: You can ensure that tokens have a limited validity period by assigning them an expiration date.

Token scopes and permissions

Token scopes define the specific actions or resources a token is allowed to access. When creating a token, you are prompted to select the appropriate scopes based on what you intend to do with it. Examples of scopes can include:

  • TM.Defects.Read -allows performing actions related to reading or accessing defects in Test Manager.
  • OR.Folders - allows reading folder data, creating, modifying, and managing folders in Orchestrator.

Selecting appropriate scopes for your needs

When generating a Personal Access Token, you have to select scopes that align with the tasks you intend to perform. You should only request scopes that are necessary for your use case. By minimizing the permissions of a token, you reduce the impact it can have if it becomes compromised, and, as such, you enhance security.

To select appropriate scopes:

  1. Determine the tasks you need the token to perform, such as reading folders data or managing folders.

  2. Consult the list of available scopes and their descriptions in the token generation process.

  3. Choose the smallest set of scopes that will allow your token to accomplish tasks effectively.

Generating a token

To generate a token, follow these steps:
  1. Click the user icon in the top-right corner of the window and select Preferences. The Preferences page opens.
    Figure 1. User Menu Preferences. Screenshot of the user menu showing the Preferences option. This option enables you to personalize your experience by adjusting settings according to your preferences.docs image
  2. On the left, click Personal Access Token. The Personal Access Token page shows a list of personal tokens generated for your user, if any.
  3. To generate a new token, click Generate new token. The Generate personal access token pane opens on the right.
  4. Provide a name on the Name field for identification purposes.
  5. Provide an expiration date on the Expiration Date field. After this date, the token becomes invalid.
  6. Define the specific permissions and actions the token is authorized to perform within an application, by selecting its scope from the Scope > Resources field.
    Figure 2. Personal Access Token Configuration. Screenshot of the configuration window for personal access tokens and their scopes. Users can manage and customize access by defining the resources, scopes, and expiration date of each token.docs image
  7. After configuring the fields, click Save to save your token. The system generates a unique access token for you, which is displayed on the Token generated window.
    Figure 3. Generated Token Confirmation. Screenshot confirming the successful generation of a token. The interface displays a newly generated token with a unique alphanumeric code. A checkmark symbolizes the completion of the process. Users can now use this token to authenticate and access specific UiPath resources securely. A notification advises users that the token will not be visible again.docs image
  8. Once generated, copy the access token immediately. This is your only opportunity to view the token. Keep it in a safe place, as you will not be able to see it again. You can now use this token to authenticate and access UiPath resources through our APIs.

Revoking a token

Revoking a token enables you to immediately disable access for tokens that are no longer needed or have been compromised. To revoke a token, follow these steps:
  1. Click the user icon in the top-right corner of the window and select Preferences. The Preferences page opens.
  2. On the left, click Personal Access Token. The Personal Access Token page shows a list of personal tokens generated for your user.
  3. To revoke a token, click Show more actions > Revoke for the specific token. The Revoke token window is displayed, asking you to confirm the revocation.
    Figure 4. Token Revocation Confirmation. Screenshot of the token revocation window, indicating the successful revocation of a token. Any previous uses of the token will no longer be valid.docs image
  4. Click Delete to revoke the token. After deleting it, the token is removed from the list of available tokens, and is no longer valid for accessing UiPath resources.
    Important: Orchestrator's caching mechanism stores PATs for an hour. Consequently, revoked tokens may still access Orchestrator resources for up to an extra hour until the cache expires.

Token regeneration

In scenarios where you need to maintain the same level of access, but wish to refresh your token, you can consider regenerating a Personal Access Token. Regeneration creates a new token with identical scopes and permissions as the original. However, make sure to update any scripts,, applications, or integrations that use the old token with the new one.

Important:

Regeneration is only applicable to tokens that have not yet expired. Once a token has expired, it cannot be regenerated.

Orchestrator's caching mechanism stores PATs for an hour. Consequently, revoked tokens may still access Orchestrator resources for up to an extra hour until the cache expires.

Regenerating a token

To regenerate a token, follow these steps:

  1. Click the user icon in the top-right corner of the window and select Preferences. The Preferences page opens.
  2. On the left, click Personal Access Token. The Personal Access Token page shows a list of personal tokens generated for your user.
  3. To regenerate a token, click Show more actions > Regenerate for an unexpired token. The Regenerate token window is displayed.
    Figure 5. Token Regeneration Confirmation

    Screenshot of the token regeneration confirmation window. Users are prompted to confirm their intention to regenerate the token.

    docs image
  4. Click Confirm to regenerate the token. The system generates a unique access token for you, which is displayed on the Token generated window.
    Figure 6. Generated Token Confirmation. Screenshot confirming the successful generation of a token. The interface displays a newly generated token with a unique alphanumeric code. A checkmark symbolizes the completion of the process. You can now use this token to authenticate and access specific UiPath resources securely. A notification advises you that the token will not be visible again.docs image
  5. Once generated, copy the access token immediately. This is your only opportunity to view the token. Keep it in a safe place, as you will not be able to see it again. You can now use this token to authenticate and access UiPath resources through our APIs.

Was this page helpful?

Support and Services
Get The Help You Need
UiPath Academy
Learning RPA - Automation Courses
UiPath Forum
UiPath Community Forum
Uipath Logo White
Trust and Security
Terms of Use
Privacy Policy
Cookies Policy
© 2005-2024 UiPath. All rights reserved.