DigitalOcean Home

How to Create a Personal Access Token

The first step to using the API is to generate a personal access token. Personal access tokens function like ordinary OAuth access tokens. They can be used instead of a password for DigitalOcean over HTTPS, or can be used to authenticate to the API over Basic Authentication.

Tokens can be created with read or read-write scope. Write scope is required if you want to modify your account in any way (e.g. create or delete a Droplet).

To generate a personal access token:

  1. Log in to the DigitalOcean Control Panel.
  2. Follow the API link in the main navigation.
  3. Click the Generate New Token button.

Then, on the New personal access token form:

  • Enter the token name. This is for your own reference.
  • Select the scope.
  • Then click the Generate Token button.

New Personal Access Token screen

Your token will be generated and presented to you on your Personal Access Tokens page. The actual token is the long string of numbers and letters, under the name:

New Personal Access Token screen

Be sure to record your personal access token now. For security purposes it will not be shown again.

Remember to keep your tokens secret! They function similarly to passwords. Do not hard code your tokens into programs where they may accidentally be released in version control and are harder to rotate. Instead, use environmental variables. If a token becomes compromised, delete it to revoke that token’s access.

Now that you have generated a personal access token, you can use it like a password to use the API with your account.