|
| 1 | +--- |
| 2 | +title: Management tokens |
| 3 | +description: Automate workspace administration with tokens that create projects and manage API keys programmatically. |
| 4 | +--- |
| 5 | + |
| 6 | +# Management tokens |
| 7 | + |
| 8 | +## How management tokens work |
| 9 | + |
| 10 | +Management tokens authenticate programmatic access to workspace administration. Use them to automate project creation, API key management, and other workspace operations through the Management API. |
| 11 | + |
| 12 | +Tokens are scoped to the workspace and do not expire unless you revoke them. Each token can be assigned a subset of permissions, so you can limit access to only what your automation requires. |
| 13 | + |
| 14 | +### Permissions |
| 15 | + |
| 16 | +| Permission | Description | |
| 17 | +|---|---| |
| 18 | +| View projects | View projects created within your workspace. | |
| 19 | +| Manage projects | Manage, edit, and delete projects in your workspace. | |
| 20 | +| View API keys | View API keys generated in your workspace. | |
| 21 | +| Delete API keys | Delete API keys in your workspace. | |
| 22 | +| Create API key | Create API keys in your workspace. | |
| 23 | + |
| 24 | +## Create a management token |
| 25 | + |
| 26 | +1. Go to **Manage workspace** in the sidebar under **Workspace**. |
| 27 | +2. In the **Management tokens** section, click **+ Create management token**. |
| 28 | +3. Enter a descriptive name for the token. |
| 29 | +4. Select the permissions your automation needs. |
| 30 | +5. Click **Create management token**. |
| 31 | +6. Copy the token value from the **Save your key** dialog. |
| 32 | + |
| 33 | +:::warning |
| 34 | +You cannot access the token value again after closing this dialog. Store it in a secure location immediately. |
| 35 | +::: |
| 36 | + |
| 37 | +## View token details |
| 38 | + |
| 39 | +1. In the **Management tokens** table, click the options menu (⋯) next to the token. |
| 40 | +2. Select **View details**. |
| 41 | + |
| 42 | +The details panel displays the token name, key prefix, last used timestamp, assigned permissions, and creation date. |
| 43 | + |
| 44 | +## Revoke a management token |
| 45 | + |
| 46 | +Revoking a token disables it immediately. API requests made with the token are rejected, which may break any systems that depend on it. |
| 47 | + |
| 48 | +:::danger |
| 49 | +Revoking a management token cannot be undone. |
| 50 | +::: |
| 51 | + |
| 52 | +1. In the **Management tokens** table, click the options menu (⋯) next to the token. |
| 53 | +2. Select **Revoke key**. |
| 54 | +3. Review the token name and key in the confirmation dialog. |
| 55 | +4. Click **Revoke key** to confirm. |
| 56 | + |
| 57 | +## Management token best practices |
| 58 | + |
| 59 | +- **Limit permissions.** Assign only the permissions each token needs. A token that creates API keys does not need permission to delete them. |
| 60 | +- **Use descriptive names.** Name tokens after their purpose or the system that uses them, such as `ci-pipeline` or `key-rotation-script`. This makes it easier to audit and revoke the right token later. |
| 61 | +- **Rotate tokens periodically.** Create a replacement token, update your systems, then revoke the old one. |
| 62 | +- **Revoke unused tokens.** Check the **Last used** column regularly. Revoke any token that has never been used or has not been used recently. |
| 63 | + |
| 64 | +## Next steps |
| 65 | + |
| 66 | +- [Create an API key](/api-ref/management/create-an-api-key): Management API reference for creating keys programmatically. |
| 67 | +- [Projects](/administration/projects): create and manage projects. |
| 68 | +- [API keys](/administration/api-keys): how API keys differ from management tokens. |
0 commit comments