Create a Personal Access Token (PAT)

POST

/pat

• Nhost Authentication API Server

Generate a new Personal Access Token for programmatic API access. PATs are long-lived tokens that can be used instead of regular authentication for automated systems. Requires elevated permissions.

Authorizations

• BearerAuthElevated

Request Body ^required

Personal Access Token creation request with expiration and metadata

object

expiresAt

required

Expiration date of the PAT

string format: date-time

metadata

object

key

additional properties

any

Example

{
  "name": "my-pat",
  "used-by": "my-app-cli"
}

Responses

200

Successfully created a Personal Access Token

object

id

required

ID of the PAT

string

/\b[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}\b/

Example

2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24

personalAccessToken

required

PAT

string

/\b[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}\b/

Example

2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24

default

An error occurred while processing the request

Standardized error response

object

status

required

HTTP status error code

integer

Example

400

message

required

Human-friendly error message

string

Example

Invalid email format

error

required

Error code identifying the specific application error

string

Allowed values: default-role-must-be-in-allowed-roles disabled-endpoint disabled-user email-already-in-use email-already-verified forbidden-anonymous internal-server-error invalid-email-password invalid-request locale-not-allowed password-too-short password-in-hibp-database redirectTo-not-allowed role-not-allowed signup-disabled unverified-user user-not-anonymous invalid-pat invalid-refresh-token invalid-ticket disabled-mfa-totp no-totp-secret invalid-totp mfa-type-not-found totp-already-active invalid-state oauth-token-echange-failed oauth-profile-fetch-failed oauth-provider-error invalid-otp cannot-send-sms provider-account-already-linked