How to Create a Personal Access Token

To use the API, you’ll first generate a personal access token. Personal access tokens function like ordinary OAuth access tokens. You can use them to authenticate to the API by including one in a bearer-type Authorization header with your request.

Warning
Keep your tokens secret. They function like passwords. Do not hard code your tokens into programs where they may accidentally be released in version control and are harder to rotate. Instead, use environmental variables. If a token becomes compromised, delete it to revoke that token’s access.

To generate a personal access token, log in to the DigitalOcean Control Panel.

Click the API link in the main navigation, which takes you to the Applications & API page on the Tokens/Keys tab. In the Personal access tokens section, click the Generate New Token button.

This opens a New personal access token window:

New personal access token window

In this window, fill out the fields as follows:

  • Token name. Choose a name for the token. This is for your own reference.

  • Select expiration. Choose when the token expires. After the interval passes, the token can no longer authenticate you to the API and it disappears from your account.

  • Select scopes. You can create tokens with read-only or read-write scope:

    • read scope lets you list and retrieve information about all resources on the account.

    • write scope lets you create, delete, and modify all resources on the account.

When you click Generate Token, your token is generated and presented to you on your Personal Access Tokens page. The actual token is the long string of numbers and letters, under the name. It will be prefixed with dop_v1_ in order to distinguish it from other similar tokens.

New personal access token created with token visible

Be sure to record your personal access token. For security purposes, it will not be shown again.