# Locoia API Authentication - Personal Access Token

## Creating a Personal Access Token

### In Locoia

Go to your avatar (upper right corner) > **User** > [**Personal Access Token**](https://app.locoia.com/user-preferences?activeTab=personalAccessTokens).

There you can create new access tokens, update and regenerate existing ones with full flexibility.

{% hint style="warning" %}
The token itself is only visible right after creating a personal access token. In case you didn't save it, you can regenerate the token. The old token will then be invalidated.
{% endhint %}

### Using the API

{% hint style="info" %}
We recommend generating and managing personal access tokens directly in our app; however, you can use our API for that as well.
{% endhint %}

In order to create a personal access token via API the following endpoint needs to be used:

## Create personal access token

<mark style="color:green;">`POST`</mark> `https://api.locoia.com/v1/personal-access-tokens`

The personal access token can be defined with granular scopes and an expiration date.

#### Headers

| Name                                            | Type   | Description  |
| ----------------------------------------------- | ------ | ------------ |
| Authorization<mark style="color:red;">\*</mark> | String | Bearer Token |

#### Request Body

| Name                                         | Type   | Description                                                   |
| -------------------------------------------- | ------ | ------------------------------------------------------------- |
| expiration<mark style="color:red;">\*</mark> | Int    | Number of days until expiration. Use `null` for no expiration |
| scopes<mark style="color:red;">\*</mark>     | List   | List of scopes                                                |
| note<mark style="color:red;">\*</mark>       | String | Describe purpose (max 255 characters)                         |

{% tabs %}
{% tab title="201: Created " %}

```javascript
{
  "id": "UUID",
  "token": "Token",
  "expiration": "Expiration Datetime",
  "note": "String",
  "last_used": null,
  "scopes": [
    "Scope1",
    "Scope2"
  ]
}
```

{% endtab %}
{% endtabs %}

{% hint style="warning" %}
The token itself is only visible right after creating a personal access token. After that, it is impossible to retrieve it from the API.
{% endhint %}

You can also create it directly in Locoia with [this Community Library Flow](https://app.locoia.com/#/community-library?page=1\&perPage=10\&nameSearchString=Create%20a%20Personal%20Access%20Token%20for%20Locoia\&sortProp=reference\&sortOrder=ascending).

One can regenerate a token by sending the following `POST` request:

## Regenerate personal access token

<mark style="color:green;">`POST`</mark> `https://api.locoia.com/v1/personal-access-tokens/{{ token_id }}/regenerate`

Regenerate or extend the expiration of an already created personal access token.

#### Path Parameters

| Name                                        | Type   | Description                                   |
| ------------------------------------------- | ------ | --------------------------------------------- |
| token\_id<mark style="color:red;">\*</mark> | String | ID of personal access token to be regenerated |

#### Headers

| Name                                            | Type   | Description  |
| ----------------------------------------------- | ------ | ------------ |
| Authorization<mark style="color:red;">\*</mark> | String | Bearer Token |

#### Request Body

| Name                                         | Type | Description                                                   |
| -------------------------------------------- | ---- | ------------------------------------------------------------- |
| expiration<mark style="color:red;">\*</mark> | Int  | Number of days until expiration. Use `null` for no expiration |

You can list all tokens with the following `GET` request:

## Get personal access tokens

<mark style="color:blue;">`GET`</mark> `https://api.locoia.com/v1/personal-access-tokens`

List all personal access tokens of the user.

#### Headers

| Name          | Type   | Description  |
| ------------- | ------ | ------------ |
| Authorization | String | Bearer Token |

## Scopes

The following scopes are available:

| Scope Name      | Entities                                                                                                                                                                                  |
| --------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| automation      | <ul><li>Flows</li><li>Flow Runs</li><li>Flow Run Steps</li><li>Run Flows</li><li>Connector Auths (Read only)</li><li>Env Variables (Read only)</li><li>File Uploads (Read only)</li></ul> |
| company         | <ul><li>Env Variables</li><li>File Uploads</li><li>Teams</li><li>Users</li></ul>                                                                                                          |
| connector\_auth | <ul><li>Connector Auths</li></ul>                                                                                                                                                         |
| connectors      | <ul><li>Connectors</li><li>Connector Actions</li></ul>                                                                                                                                    |
| dashboard       | <ul><li>Dashboards</li><li>Data Sources</li><li>Forecasts</li><li>Insights</li><li>Transforms</li></ul>                                                                                   |
| embed           | <ul><li>Embeds</li></ul>                                                                                                                                                                  |

There are different access levels based on the scope extension:

| Scope Extension      | Supported Scopes                                                   | Operations                          | Example |
| -------------------- | ------------------------------------------------------------------ | ----------------------------------- | ------- |
| *None (leave empty)* | automation, company, connector\_auth, connectors, dashboard, embed | CRUD - Create, Read, Update, Delete | `connector_auth` - the token can create, read, update, and delete all Connector Auths to which the user who created the token has access |
| :manage              | automation, company, connector\_auth, connectors, dashboard, embed | CRU - Create, Read, Update          | `connector_auth:manage` - the user can do all of the above, except for deleting |
| :view                | automation, company, connector\_auth, connectors, dashboard, embed | R - Read                            | `connector_auth:view` - the user can only read the Connector Auths |
| webhook\_run         | automation                                                         | Trigger Webhook Flows               | `automation` - the token can trigger all Webhook Flows in the account (alternative to Flow specific [webhook tokens](../../connectors/helpers/webhook-helper#webhook-security-bearer-token)) |

## Using Personal Access Token

To authenticate with the token, specify it in the Authorization header like this: `Authorization: Bearer {{ token }}`, or set up a Connector Auth for Locoia within the Locoia app and then use the token there.
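
The following is an added example, not Locoia's own code: it builds the create request documented above and checks the body against the scope tables before anything is sent, refusing delete-capable (bare) scopes unless asked for. The `Content-Type` header, the `allow_delete` switch, the positive-days check and the helper names are assumptions of this sketch; `webhook_run` is left out because the page does not show its full scope string.

```python
import json
import urllib.request

API_URL = "https://api.locoia.com/v1/personal-access-tokens"  # endpoint from this page
SCOPES = {"automation", "company", "connector_auth", "connectors", "dashboard", "embed"}
EXTENSIONS = {"", "manage", "view"}  # "" means no extension, i.e. full CRUD


def validate_scope(scope):
    """Return (name, extension) or raise ValueError for a scope not in the tables."""
    name, _, ext = scope.partition(":")
    if name not in SCOPES or ext not in EXTENSIONS or scope.endswith(":"):
        raise ValueError(f"unknown scope: {scope!r}")
    return name, ext


def build_create_request(bearer, scopes, note, expiration_days, allow_delete=False):
    """Validate the three required body fields and return an unsent Request."""
    if not scopes:
        raise ValueError("at least one scope is required")
    for scope in scopes:
        _, ext = validate_scope(scope)
        if ext == "" and not allow_delete:
            # A bare scope grants CRUD, including delete: make that an explicit choice.
            raise ValueError(f"{scope!r} grants delete; use :manage or :view")
    if not note or len(note) > 255:
        raise ValueError("note must be 1-255 characters")
    if expiration_days is not None and (
        isinstance(expiration_days, bool)
        or not isinstance(expiration_days, int)
        or expiration_days < 1  # assumption: a local sanity check, not an API rule
    ):
        raise ValueError("expiration must be a positive number of days or None")
    body = {"expiration": expiration_days, "scopes": list(scopes), "note": note}
    return urllib.request.Request(
        API_URL,
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Authorization": f"Bearer {bearer}",
                 "Content-Type": "application/json"},  # assumed, not stated on the page
    )


def redact_for_log(created):
    """Copy of the 201 response that is safe to log; the token is shown only once."""
    return {**created, "token": "<redacted>"}
```

Send the returned object with `urllib.request.urlopen` and write the `token` field of the response straight to a secret store, since it cannot be retrieved again.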
