Service Tokens Introduction
A Service Token is a secure credential used by a Service User to authenticate automated workflows with an API. Unlike Personal Access Tokens (PATs), which are tied to individual users, Service Tokens are tied to dedicated Service User accounts created specifically for automation — ensuring that pipelines, integrations, and scripts can operate independently of any human user.
Service Tokens are administrator-managed. Only users with the Admin role can create Service Users, generate tokens, and manage their lifecycle.
Prerequisite: Service User
Before generating a Service Token, you must have a Service User account. If you haven't created one yet, see the Create Service User guide.
Why Use Service Tokens?
- No human dependency — Service Tokens authenticate as a Service User, not a real user. This means automation continues working even if the user who set it up leaves the organization.
- Administrator-controlled — Token creation and management are restricted to Admins, providing centralized control over automation credentials.
- Scoped access — Each Service User can be assigned a specific role and team memberships, limiting what the automation can access.
- Multiple tokens — A single Service User can have multiple tokens for different environments or purposes (e.g., one for production, one for staging).
- Audit trail — All API requests made with a Service Token are attributed to the Service User, making it clear which automation performed which actions.
Service Tokens vs Personal Access Tokens
| Aspect | Service Token | Personal Access Token |
|---|---|---|
| Created by | Admin only | Any user (self-service) |
| Tied to | A Service User | An individual user account |
| Use case | Automation, pipelines, integrations | Personal development, testing, CLI access |
| Permissions | Inherits the Service User's assigned role and teams | Inherits the user's own permissions |
| Visibility | Visible to all Admins | Only visible to the user who created it |
Tip
For individual API access, testing, and CLI usage, see the Personal Access Token Introduction documentation.
Deep Dive
Understand how Service Tokens work under the hood — generation, authentication, expiration, lifecycle, and security.
- How It Works: Token generation, authentication flow, expiration, lifecycle, SCIM tokens, and security.
- Permissions: Roles required to create, revoke, restore, and delete Service Tokens.
- Best Practices: Naming conventions, token rotation, role assignment, security, and incident response.
Managing
Create, monitor, revoke, restore, and delete your Service Tokens.
- Generate Service Token: Create a new Service Token for a Service User (Admin).
- Revoke Service Token: Deactivate a Service Token to immediately prevent API access (Admin).
- Restore Service Token: Reactivate a previously revoked Service Token (Admin).
- Delete Service Token: Permanently remove a revoked or expired Service Token (Admin).
- List Columns: Understand the Service Tokens list columns: key icon, name, expiration, last used, and status.