A personal access token can be used to automate any task a user might perform through the UI and make further API requests. Unlike the short-lived token generated when you log in to the Caisy app in the browser, a personal access token is permanent until you delete it. It can be used to request data from all APIs: Internal API, External API, and Asset API using the
x-caisy-token HTTP header.
Security Note: Leaking you personal access token in any code file or other public places is as critical as if you would share you username and password in plaintext. If you are using any personal access token in your code load it from the environment, and make sure your `.env` or so is on the `.gitignore`. In production environments you might use a custom vault, GitHub secrets or configure the environment variables in your hosting provider such as Vercel.
To access the personal access token screen, go to Profile -> Personal tokens by clicking on your user avatar located in the bottom left corner and selecting "Personal Tokens" from the menu.
To create a new token, click the "CREATE TOKEN" button in the upper right corner. A modal will appear, allowing you to enter a name for the token.
After entering the name, you will receive your API key, which looks like this:
Please copy the token and keep it in a place where you can find it again, because after you have closed the modal you can no longer access the key.
This token can now be used as a permanent user token in API requests by passing it in the
x-caisy-token header. If you wish to remove access, you can return to the Personal Tokens screen and delete the token at any time.