We’re happy to announce the release of our new APIs to manage the lifecycle of Personal Access Tokens (PATs) on Azure DevOps. This rich set of APIs enable your team with the ability to better manage the PATs they own, offering them new functionality, such as creating new personal access tokens with a desired scope and duration, renewing existing personal access tokens, or expiring existing personal access tokens.
Today, the main way for you to manage their PAT tokens is through the UI or by using a limited set of APIs intended only for Project Collection Administrators. This new API unlocks the ability for organizations to set up automation involving PAT tokens, including setting up build pipelines or interacting with work items.
With this, regular maintenance and rotation of PAT tokens will be much simpler. We know this has been a major challenge for your teams and we’re so excited to help alleviate some of that overload with this new API!
What new abilities are included with this API?
- Create a Personal Access Token (PAT)
- List the metadata of a given PAT
- List the metadata of all PATs for a given user
- Revoke a given PAT
- Update metadata of a given PAT
Please note that for nuget packaging it's possible to generate personal access token, see for example following link with accompanying powershell script to do that one:
https://github.com/chocolatey/choco/issues/1721#issuecomment-810558523
I think it could be useful to patch
https://github.com/microsoft/artifacts-credprovider
source code and add support for being able to alter token name (At the moment hardcoded), also token usage to something else than nuget packaging.
Hi Angel,
do you have a estimate if or when this feature will land at the On-Premises Azure DevOps Server?
Hi Necati, there are no immediate plans for having this feature supported in ADO Server. Thanks for your interest! – Angel