Azure DevOps – REST APIs – Part 2 – Creating Personal Access Tokens (PATs)

Hi All,

LIFE IS BEAUTIFUL 🙂 I hope we all are safe 🙂 STAY SAFE, STAY HEALTHY,  STAY HOME 🙂

Background: We have started discussing Azure DevOps. In last 8 articles of Azure DevOps we discussed

• Introductory part of Azure DevOps – Introduction of Azure DevOps
• Organizations in Azure DevOps – What are Azure DevOps Organizations, how to create Organizations, permissions etc.
• Microsoft Azure DevOps – Deleting and Recovering Organization
• Microsoft Azure DevOps – Projects – What are Azure DevOps Projects, how to create Projects, permissions etc.
• Microsoft Azure DevOps – Types of Projects – Public project, Private project
• Microsoft Azure DevOps – Project settings
• Microsoft Azure DevOps – Deleting and Recovering Projects
• Azure DevOps – REST APIs – Part 1 – for Projects

In this article we will move ahead and will discuss how to create Personal Access Token (PAT). We need PATs for authenticating Azure DevOps. In one of the upcoming article we need to discuss – calling REST APIs programmatically where we need Personal Access Token for authenticating DevOps.

Take away from this article: At the end of this article we will got to know about

• What is Personal Access Token (PAT)
• How to create Personal Access Token (PAT)

What is Personal Access Token (PAT) :

• Personal Access Token (PAT) is mechanism to authenticate Azure DevOps
• PAT is the alternative for using Password to authenticate Azure DevOps
• We will generate PAT for accessing specific resource (scope) like WorkItems, builds, activities and so on
• PATs are used for accessing REST APIs

When to use Personal Access Token (PAT) to authenticate Azure DevOps / Scenario where PATs can be used for authentication :

• When we need to call Azure DevOps REST APIs programmatically
• If sometime we works with third party tools which don’t support Microsoft or Azure AD account, and we don’t want to share our credentials with this third party software then we have an option of using PATs
• For smaller projects again PAT is the robust solution

Creating a PAT :

• To create PAT we need to navigate to tokens page – https://dev.azure.com/<organization name>/_usersSettings/tokens, here we have https://dev.azure.com/prashamsabadra/_usersSettings/tokens
• We will navigate to tokens page by going to User Settings >> Personal access tokens as shown in below Fig :

• We will be navigated to Personal Access Tokens home page – https://dev.azure.com/<organization name>/_usersSettings/tokens, following figure shows the home page of Personal Access Tokens home page

• On the PAT home page we have an option to create new token as shown in below Fig

• We have various options on “Create a new personal access token” such as
  • Name of token
  • Expiration (UTC)
  • Scopes
• Expiration (UTC) : defines the lifespan of PAT
  • We have 4 options for Expiration (UTC) as shown in below Fig
  • In last option “Custom defined“, we can specify expiration date till 1 year.
  • We can not set expiration for PAT beyond 1 year

• Scopes : Scopes defines the actions can be performed by the PAT. There are predefined scopes – https://docs.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/oauth?view=azure-devops#scopes
  • There are two options we have
    • Full access
      • Selected as in below Fig
      • Can perform all the actions which are predefined here – https://docs.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/oauth?view=azure-devops#scopes
    • Custom defined – Here we have opportunity to limit PATs for performing specific actions

• Once we have details like Expiration, Scopes selection is in place we are ready to create PAT.
• Please click on “Create” button as shown in above Fig.
• If PAT created successfully then we have “Success!” dialog as shown in below Fig

• Make sure we copy the PTA right away, please see the warning on “Success!” dialog as shown in above Fig
• We have all the listing of PTAs – Personal Access Tokens on PTAs home page – https://dev.azure.com/<organization name>/_usersSettings/tokens as shown in below fig
• On selection of respective PTA we can perform various operations like – “Revoke”, “Edit” and “Regenerate”. We will discuss each operation in depth in next upcoming articles.

• We will also receive notification for addition of new PAT to our organization as shown in below Fig

References:

• Choosing the right authentication mechanism
• Use personal access tokens
• Authorize access to REST APIs with OAuth 2.0
• About security and identity
• Available Scopes

Next Article: On PATs we can perform various operations like – “Revoke”, “Edit” and “Regenerate”. We will discuss these operations and uses.

We have very good series going on Azure DevOps. Please have a look once –https://knowledge-junction.in/?s=Azure+DevOps

Thanks for reading 🙂 Feel free to discuss / comment / questions 🙂 SHARING IS CARING 🙂

Share In Teams:

Enjoy the beautiful life 🙂 Have a FUN 🙂 HAVE A SAFE LIFE 🙂 TAKE CARE 🙂