Login
    Contents x
    Generate Personal Access Token
      • Print
      • Dark
        Light
      • PDF
      Contents

      Generate Personal Access Token

        • Print
        • Dark
          Light
        • PDF
        Article summary

        Post
        /api/v1/users.generatePersonalAccessToken

        Permission required: create-personal-access-tokens.

        • This endpoint requires two-factor authentication.

        • Note that the generated access tokens are irrecoverable, so storing them safely is essential. If a token is lost or forgotten, it can be regenerated or deleted.

        • When making calls to the API that mandate authentication, include the generated token in the X-Auth-Token header and your user ID in the X-User-Id header to authenticate the requests. Visit the Personal Access Token user guide for more details.

        Changelog

        VersionDescription
        3.1.0Added bypassTwoFactor param
        0.69.0Added
        Header parameters
        X-Auth-Token
        stringRequired

        The authenticated user token.

        ExampleRScctEHSmLGZGywfIhWyRpyofhKOiMoUIpimhvheU3f
        X-User-Id
        stringRequired

        The authenticated user ID.

        ExamplerbAXPnMktTFbNpwtJ
        x-2fa-code
        stringRequired

        The 2fa code. See Introduction to Two-Factor Authentication.

        Example148750
        x-2fa-method
        stringRequired

        The desired method to get the 2FA code. It can be email, totp, or password.

        Body parameters
        Example 1
        {
  "tokenName": "mypersonaltoken",
  "bypassTwoFactor": false
}
        object
        tokenName
        string Required

        The name of the token.

        bypassTwoFactor
        boolean

        If 2FA requirement should be ignored when using this token.

        Default"False"
        Responses
        200

        OK

        Success Example
        {
  "token": "2jdk99wuSjXPO201XlAks9sjDjAhSJmskAKW301mSuj9Sk",
  "success": true
}
        object
        token
        string
        success
        boolean
        400

        Bad Request

        Example 1
        {
  "success": false,
  "error": "TOTP Required [totp-required]",
  "errorType": "totp-required",
  "details": {
    "method": "password",
    "codeGenerated": false,
    "availableMethods": []
  }
}
        Example 2
        {
  "success": false,
  "error": "The 'tokenName' param is required"
}
        Example 3
        {
  "success": false,
  "error": "Not Authorized [not-authorized]",
  "errorType": "not-authorized",
  "details": {
    "method": "personalAccessTokens:generateToken"
  }
}
        Expand All
        object
        success
        boolean
        error
        string
        errorType
        string
        details
        object
        method
        string
        codeGenerated
        boolean
        availableMethods
        Array of object
        object
        401

        Unauthorized

        Authorization Error
        {
  "status": "error",
  "message": "You must be logged in to do this."
}
        object
        status
        string
        message
        string
        Was this article helpful?
        What's Next
        Rocket.Chat versions receive support for six months after release.
        Change password!
        Changing your password will log you out immediately. Use the new password to log back in.
        Change profile
        Success!
        First name must have atleast 2 characters. Numbers and special characters are not allowed.
        Last name must have atleast 1 characters. Numbers and special characters are not allowed.
        Enter a valid email
        Enter a valid password
        Your profile has been successfully updated.
        Logout