Personal access tokens

Personal access tokens

A user can create a personal access token to authenticate their user account with Chronosphere APIs, Chronoctl, and Terraform. When you authenticate with a personal access token, Chronosphere associates the actions you take with your identity and respects the permissions granted to your user account's team.

Unlike creating service accounts, you don't need to be a member of a team with the SysAdmin role to create a personal access token.

For details about user accounts and teams, see Accounts and Teams. For details about signing in to the Chronosphere app in a web browser, see Authenticating with Chronosphere.

A personal access token expires and stops working after a defined period of up to 30 days. You can't use a personal access token as an API token for the Collector.

To create a persistent identity for a service, define permissions for it, and provide it with an API token, use a service account.

Create a personal access token

To create a personal access token:

  1. Click your profile icon from the menu bar and select My Account.
  2. Click + Add Token to open the Add Token window.
  3. Enter a name for the personal access token.
  4. In the Token Expiration dropdown, select a token duration in days.
  5. Click Generate Token to save the personal access token.
  6. Copy the resulting API token.

Store the API token securely, because it's as sensitive as your password. If you don't store the API token immediately after creation, you can't view it after navigating away from the My Account page. If you lose the API token, you must create a new personal access token.

Use a personal access token

You can use the API token generated by your personal access token with Chronoctl or the Chronosphere API to access the same things you can access in the Chronosphere web app.

For details, see the Chronoctl, Prometheus API, and Chronosphere API documentation.

Revoke personal access tokens

Chronosphere invalidates each personal access token and its associated API token upon expiration. You can also manually revoke personal access tokens that you've created.


When you revoke a personal access token, Chronosphere removes it and its associated API token immediately without any additional confirmation.

To revoke a token:

  1. Click your profile icon from the menu bar and select My Account.
  2. On the row of the token you want to revoke, click Revoke.

To revoke all of your tokens:

  1. Click your profile icon from the menu bar and select My Account.
  2. Click Revoke All.