Personal Access Tokens (PAT) - DFNS documentation

{
  "dateCreated": "2023-04-14T20:41:28.715Z",
  "credId": "<string>",
  "isActive": true,
  "linkedUserId": "us-6b58p-r53sr-rlrd3l5cj3uc4ome",
  "linkedAppId": "ap-2a9in-tt2a1-983lho480p35ejd0",
  "name": "<string>",
  "orgId": "or-30tnh-itmjs-s235s5ontr3r23h2",
  "permissionAssignments": [
    {
      "permissionName": "<string>",
      "permissionId": "pm-37vj4-jkr4l-lc9945spfftkne57",
      "assignmentId": "as-1vcmc-qrek0-6b4vii9pln60907e",
      "operations": [
        "<string>"
      ]
    }
  ],
  "publicKey": "<string>",
  "tokenId": "to-202a0-cdo33-o65mbt6q758lvvnt",
  "accessToken": "<string>"
}

Create a Personal Access Token

Step-by-step guide to create a PAT and configure your SDK

Personal Access Tokens (PATs) are used to automate actions on behalf of a user. PATs are linked to your user. The effective permissions of a PAT are always the intersection of the user’s permissions and the token’s own permissions, enforced on every request. This means you can create a read-only PAT to monitor transactions in your wallet without reducing the permissions of your user. Since PATs are tied to a user, if the user is deactivated, all their PATs stop working (the backend validates the user’s active status on every request). Reactivating the user restores PAT access. Because of this, PATs are not meant to be used for server tasks. If you have a long-lived task, it is recommended that you use a Service Account instead, as Service Accounts are not tied to a specific user. This also means that a Service Account can have different permissions from the user that created the Service Account, giving you the ability to limit user permissions without affecting server tasks.

Personal Access Token object

dateCreated

string<date-time>

required

ISO 8601 date (must be UTC). Date the access token was created.

Example:

"2023-04-14T20:41:28.715Z"

credId

string

required

ID of the credential associated with the access token.

isActive

boolean

required

Whether the access token is active.

kind

enum<string>

required

Access token kind.

Available options:

Pat,

ServiceAccount,

Token,

Code,

Recovery,

Temp,

Application

linkedUserId

string

required

User id.

Required string length: 1 - 64

Pattern: ^us-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$

Example:

"us-6b58p-r53sr-rlrd3l5cj3uc4ome"

linkedAppId

string

required

ID of the application the access token is linked to.

Required string length: 1 - 64

Pattern: ^ap-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$

Example:

"ap-2a9in-tt2a1-983lho480p35ejd0"

name

string

required

Human-readable name of the access token.

orgId

string

required

Organization id.

Required string length: 1 - 64

Pattern: ^or-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$

Example:

"or-30tnh-itmjs-s235s5ontr3r23h2"

permissionAssignments

object[]

required

Permissions (roles) assigned to the access token.

Show child attributes

publicKey

string

required

Public key associated with the access token.

tokenId

string

required

Token id.

Required string length: 1 - 64

Pattern: ^to-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$

Example:

"to-202a0-cdo33-o65mbt6q758lvvnt"

accessToken

string

The access token. Only returned at creation time.

Last modified on May 12, 2026

Create Credential Code

List Personal Access Tokens

⌘I

Create a Personal Access Token

​Personal Access Token object

Personal Access Token object