PAT (Personal Access Token)

A Personal Access Token (PAT) is a ready to use token which can be used as Authorization header. At the moment ZITADEL only allows PATs for machine accounts (service users).

It is an alternative to the JWT profile authentication where the service user has a key to authenticate. Read more about that here

Create a Service User with a PAT

Navigate to Service Users
Click on New
Enter a user name and a display name
Click on the Personal Access Token menu point in the detail of your user
Click on New
You can either set an expiration date or leave it empty if you don't want it to expire
Copy the token from the dialog (You will not see this again)

Create new service user

Grant role for ZITADEL

To be able to access the ZITADEL APIs your service user needs permissions to ZITADEL.

Go to the detail page of your organization
Click in the top right corner the "+" button
Search for your service user
Give the user the role you need, for the example we choose Org Owner (More about ZITADEL Permissions)

Add org owner to service user

Call ZITADEL API with PAT

Because the PAT is a ready to use Token, you can add it as Authorization Header and send it in your requests to the ZITADEL API. In this example we read the organization of the service user.

curl --request GET \
  --url {your-domain}/management/v1/orgs/me \
  --header 'Authorization: Bearer {PAT}' 

Create a Service User with a PAT​

Grant role for ZITADEL​

Call ZITADEL API with PAT​

Create a Service User with a PAT

Grant role for ZITADEL

Call ZITADEL API with PAT