> ## Documentation Index
> Fetch the complete documentation index at: https://docs.chronosphere.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Personal access tokens

A user can create a *personal access token* to authenticate their user account with
Chronosphere APIs, Chronoctl, and Terraform. When you authenticate with a personal
access token, Chronosphere Observability Platform associates the actions you take
with your identity and respects the permissions granted to your user account's team.

Unlike creating service accounts, you don't need to be a member of a team with the
SysAdmin role to create a personal access token.

For details about user accounts and teams, see [Accounts and Teams](/administer/accounts-teams).
For details about signing in to Observability Platform in a web browser, see
[Authenticating with Chronosphere](/overview/authenticating).

A personal access token expires and stops working after a defined period of up to 30 days.
You can't use a personal access token as an API token for the Collector.

To create a persistent identity for a service, define permissions for it, and provide it
with an API token, use a [service account](/administer/accounts-teams/service-accounts).

## Create a personal access token

To create a personal access token:

1. Click your profile icon from the menu bar and select **My Account**.
2. Click **+ Add Token** to open the **Add Token** window.
3. Enter a name for the personal access token.
4. In the **Token Expiration** dropdown, select a token duration in days.
5. Click **Generate Token** to save the personal access token.
6. Copy the resulting API token.

<Warning>
  Store the API token securely, because it's as sensitive as your password. If you
  don't store the API token immediately after creation, you can't view it after
  navigating away from the **My Account** page. If you lose the API token, you must
  create a new personal access token.
</Warning>

## Use a personal access token

You can use the API token generated by your personal access token with Chronoctl
or the Chronosphere API to access the same things you can access in the
Observability Platform web app.

For details, see the [Chronoctl](/tooling/chronoctl),
[Prometheus API](/tooling/prometheus-api), and
[Chronosphere API](/tooling/api-info) documentation.

## Revoke personal access tokens

Observability Platform invalidates each personal access token and its associated API
token upon expiration. You can also manually revoke personal access tokens that
you've created.

<Warning>
  When you revoke a personal access token, Observability Platform removes it and its
  associated API token immediately without any additional confirmation.
</Warning>

To revoke a token:

1. Click your profile icon from the menu bar and select **My Account**.
2. On the row of the token you want to revoke, click **<Icon icon="trash" /> Revoke**.

To revoke all of your tokens:

1. Click your profile icon from the menu bar and select **My Account**.
2. Click **Revoke All**.
