How to Create a Personal Access Token

To use the API, you need to generate a personal access token. Personal access tokens function like ordinary OAuth access tokens. You use them to authenticate to the API by including one in a bearer-type Authorization header with your request.

Keep your tokens secret. They function like passwords. Do not hard code your tokens into programs where they may accidentally be released in version control and are harder to rotate. Instead, use environmental variables. If a token becomes compromised, delete it to revoke that token’s access.

To generate a personal access token, log in to the DigitalOcean Control Panel.

In the left menu, click API, which takes you to the Applications & API page on the Tokens tab. In the Personal access tokens section, click the Generate New Token button.

This opens a New personal access token window:

New personal access token window

In this window, fill out the fields as follows:

  • Token name. Choose a name for the token. This is for your own reference.

  • Select expiration. Choose when the token expires. After the interval passes, the token can no longer authenticate you to the API and it disappears from your account.

  • Select scopes. You can create tokens with read-only or read-write scope:

    • read scope lets you list and retrieve information about all resources on the account.

    • write scope lets you create, delete, and modify all resources on the account.

When you click Generate Token, your token is generated and presented to you on your Personal Access Tokens page. The actual token is the long string of numbers and letters under the name. It is prefixed with dop_v1_ in order to distinguish it from other similar tokens.

New personal access token created with token visible

Be sure to record your personal access token. For security purposes, it is only shown once.