Personal Access Tokens
Create and manage personal access tokens for fine-grained, scoped access to your Skytells account.
What Are Personal Access Tokens?
Personal access tokens (PATs) are credentials that authenticate you as a developer and grant fine-grained, scoped access to your Skytells account. They are designed for scenarios where you need to manage account resources programmatically, such as through the Skytells CLI or automation scripts.
How They Differ from API Keys
API keys and personal access tokens serve different purposes:
| API Keys | Personal Access Tokens | |
|---|---|---|
| Purpose | Authenticate applications to call Skytells APIs (inference, predictions, models) | Authenticate developers to manage account resources with fine-grained permissions |
| Scope | Broad — grants access to the full API surface | Configurable — select only the permissions you need |
| Primary use | Server-to-server API calls from your application | CLI access, automation scripts, account management |
| Expiration | No built-in expiration | Supports expiration windows |
| Example | Your backend calls the Skytells Predictions API | You authenticate the Skytells CLI to deploy an app or manage projects |
If your use case is calling the Skytells API from application code (generating images, running models, creating predictions), use an API key. If you need to manage your account, projects, or deployments programmatically, use a personal access token.
Creating a Token
Open the Skytells Console
Go to console.skytells.ai and sign in.
Navigate to Settings → Tokens
Open Settings from the Account section in the sidebar, then select Tokens.
Direct link: console.skytells.ai/settings/tokens
Create a new token
Click the create action, give your token a clear name (e.g., cli-dev, ci-pipeline), and select the minimum scopes needed for your use case.
Set an expiration
Choose an expiration window if available. Short-lived tokens are recommended for temporary work.
Copy and store securely
The token value is shown once at creation. Copy it immediately and store it in a secure location such as a password manager or secrets vault.
You will not be able to view the full token again after creation. If you lose it, revoke the old token and create a new one.
Best Practices
- Use the smallest scope set — only grant the permissions the token actually needs.
- Prefer short-lived tokens for temporary work like debugging or one-time deployments.
- Rotate long-lived tokens on a regular schedule to limit exposure.
- Revoke unused tokens immediately — don't leave old tokens active.
- Name tokens descriptively so you can identify their purpose when reviewing active credentials.
Revoking and Rotating Tokens
- Open Skytells Console → Settings → Tokens.
- Find the token you want to replace.
- Create a new token with the same or narrower scope.
- Update the consuming application, script, or CLI configuration.
- Confirm the replacement works.
- Revoke the old token.
Related
- API Keys — application-level API authentication
- Making API Requests — how to authenticate API calls
- Security — platform security overview
How is this guide?