You can create your own personal API access tokens to authenticate with the LaunchDarkly REST API. The tokens you create can only be seen by you; other team members cannot view your tokens. Administrators can delete your tokens, but cannot see the value of your token.
Personal API access tokens can be scoped to restrict the set of operations they can perform. For example, you can build an integration that only has read access to the REST API. The available scoping options include:
- Built-in roles: give a token the same permissions as a Reader, Writer, or Admin.
- Custom roles: give a token the same permissions as one of your team's existing custom roles. Requires custom roles to be enabled on your plan.
- Inline custom roles: give a token a custom set of permissions. Requires custom roles to be enabled on your plan.
Your tokens can never do more than you can. If your own permissions are ever reduced, tokens you have created may have reduced scope as well. For example, if you are a Writer and create a Writer token, but then are downgraded to a Reader, your Writer token will behave like a Reader token.
Personal API access tokens and the principle of least privilege
As a best practice, we recommend giving your tokens the smallest scope required for your integration. For example, if your integration is not designed to modify your Production environment, use a custom role or inline policy to restrict access appropriately.
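A review aid for the recommendation above, added here as an example and not LaunchDarkly's own code: it lists the allow statements of an inline policy that can reach a Production environment. The environment keys `production` and `staging`, the sample policies and the helper names are assumptions; the check is deliberately conservative and does not reproduce LaunchDarkly's full policy evaluation.

```python
"""Review aid: list inline-policy statements that can reach Production."""
from fnmatch import fnmatchcase

PROD_ENV_KEY = "production"  # assumption: key of your Production environment

# Constructed sample policies (effect / actions / resources statements).
BROAD_POLICY = [
    {"effect": "allow", "actions": ["*"], "resources": ["proj/*:env/*:flag/*"]},
]
SCOPED_POLICY = [
    {"effect": "allow",
     "actions": ["updateOn", "updateRules", "updateTargets"],
     "resources": ["proj/*:env/staging:flag/*"]},  # "staging" is assumed
]


def env_pattern(resource):
    """Return the environment-key pattern of a resource specifier, or None."""
    for part in resource.split(":"):
        kind, _, key = part.partition("/")
        if kind == "env":
            return key.split(";")[0]  # ignore a ';tag' filter (conservative)
    return None  # not environment-scoped, e.g. "member/*"


def statements_reaching_prod(policy, prod_key=PROD_ENV_KEY):
    """Return (index, resource, actions) for allow statements matching prod.

    Conservative: deny statements are not used to cancel an allow, and any
    allow statement written with notResources is reported for manual review.
    """
    findings = []
    for i, stmt in enumerate(policy):
        if stmt.get("effect") != "allow":
            continue
        actions = stmt.get("actions", [])
        if "notResources" in stmt:
            findings.append((i, "notResources: review manually", actions))
        for res in stmt.get("resources", []):
            pat = env_pattern(res)
            if pat is not None and fnmatchcase(prod_key, pat):
                findings.append((i, res, actions))
    return findings


if __name__ == "__main__":
    for name, policy in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, statements_reaching_prod(policy))
```

An empty result for a token's policy means no allow statement names or wildcards the Production key; any finding is a statement to narrow before the token is issued.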
To create a personal access token, visit the Access Tokens tab on the Account Settings page.
You can also manage your tokens from the Access Tokens tab. You can change the scope of your tokens or delete them. If you delete a token, API calls made with that token will return 401 Unauthorized status codes.
Removing team members
If you remove a team member from your account, their personal API access tokens will be invalidated. We recommend updating integrations to use new access tokens before offboarding team members.