Personal Access Token

This section explains how to use personal access tokens for authentication in Exasol SaaS.

You can use a personal access token (PAT) to authenticate when connecting to a database using JDBC, ODBC, ADO.NET, or WebSockets. You can also use a PAT to authenticate when using the REST API. Each token is created with a specific access scope, which means that you can create multiple tokens for different types of access to the database or web console. When a token is not needed anymore, you can revoke it.

Scope of personal access tokens

Exasol SaaS has a number of pre-defined scope categories that control access to the database and the Rest API. When you create a PAT you must select at least one of the scopes described in the following table:

Category Scope Acess rights
Database Use

View and connect to databases that you have access to

Use & Operate

Full access to the databases, including:

  • View databases and clusters
  • Connect to databases and clusters
  • Start and stop databases
  • Create new databases
  • Create new clusters
  • Delete a cluster
Users Read View the list of users in your organization
Read & Write

View, invite, and remove users in your organization

Security Read Read the IP addresses in the allowed list
Read & Write

Read, add, and remove IP addresses in the allowed list

Billing Read View the current billing information, including credit card details
Read & Write

View and update billing details, including adding or updating credit card details

Monitoring Read View usage details for the organization, including compute, storage, and network usage
File management Write Access to the file management APIs

Create a personal access token

  1. In the web console, open your profile menu and select Personal access tokens

    profile menu

  2. The Personal Access Tokens window shows any existing tokens in the current account and allows you to create and revoke tokens.

    To create a new token, click on Create token.

  3. In the Create personal access token dialog, enter a descriptive name for the token and select the desired scope.

    dialog window

  4. Click on Generate to generate the new token.

    If your profile is not complete you will be asked to complete it before the token can be generated.

  5. When the token has been generated it will be displayed as a message in the Personal Access Tokens window. Click on copy to copy the token to your clipboard.

    The token is only shown once and will disappear when you close or refresh the page. Make sure that you copy the token and store it in a safe location. The token cannot be retrieved later.

Revoke a token

If a token is no longer needed, you can revoke it.

  1. In the web console, open your profile menu and select Personal access tokens

    profile menu

  2. In the Personal Access Tokens window, click on ... and select Revoke.

    select revoke token

  3. In the confirmation window, click on Revoke to revoke the token, or click on Close to cancel the operation.

    revoke confirmation