# Create Personal Access Token

`POST /auth/pats`

Create a new personal access token for the caller

{% hint style="info" %}

* User action signature required. See [User Action Signing](/d/api-docs/authentication/user-action-signing.md) for more information.
* Request headers required. See [Request Headers](/d/advanced-topics/authentication/request-headers.md) for more information.
* Authentication required. See [Authentication Headers](/d/advanced-topics/authentication/request-headers.md#authentication-headers) for more information.
  {% endhint %}

## Required Permissions

| Name               | Conditions      |
| ------------------ | --------------- |
| `Auth:Pats:Create` | Always Required |

## Request Body

| Property                                       | Type    | Description                                                                                                                                                                                     |
| ---------------------------------------------- | ------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `name` <mark style="color:red;">\*</mark>      | String  | the name of the personal access token, must be unique for the caller                                                                                                                            |
| `publicKey` <mark style="color:red;">\*</mark> | String  | public key that can be used to validate signatures generated by the personal access token                                                                                                       |
| `secondsValid`                                 | Integer | `Optional` number of seconds the personal access token will be valid. If this is specified, `daysValid` will be ignored.                                                                        |
| `daysValid`                                    | Integer | `Optional` number of days the personal access token will be valid. Max is `730`. If `secondsValid` is specified, `daysValid` will be ignored.                                                   |
| `permissionId`                                 | String  | `Optional` ID of the permission that will be assigned to the personal access token. If no permission ID is given, the personal access token will be assigned the same permissions as the caller |
| `externalId`                                   | String  | `Optional` user defined value that can be used to correlate the entity with an external system                                                                                                  |

### Example

```json
{
  "name": "My PAT",
  "publicKey": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZQt0YI2hdsFNmKJesSkAHldyPLIV\nFLI/AhQ5eGasA7jU8tEXOb6nGvxRaTIXrgZ2NPdk78O8zMqz5u9AekH8jA==\n-----END PUBLIC KEY-----",
  "daysValid": 365,
  "permissionId": "pm-delaw-avoca-v16r37fpp8koqebc"
}
```

## Responses

{% hint style="info" %}

* See [Common Errors](https://github.com/dfns/dfns-api-docs/blob/m/getting-started/errors.md#common-errors) for common errors.
* See [Personal Access Token Management Errors](https://github.com/dfns/dfns-api-docs/blob/m/getting-started/errors.md#personal-access-token-management-errors) for personal access token management specific errors.
  {% endhint %}

{% tabs %}
{% tab title="200" %}
**Success** - The created personal access token

```json
{
  "accessToken": "eyJ0eXAi...ulSXs3-5_NFOyFXJUSyUOQ",
  "dateCreated": "2023-04-12T03:38:05.595Z",
  "credId": "",
  "isActive": true,
  "kind": "CustomerEmployee",
  "linkedUserId": "us-24vwa-92s33-8tvqi1dg0a95megt",
  "linkedAppId": "",
  "name": "My new personal access token",
  "orgId": "or-yanke-mars-6ulofamogg8fs87v",
  "permissionAssignments": [
    {
      "permissionId": "pm-lit-yanke-46bfekf1548aeph4",
      "permissionName": "WalletAdmin",
      "assignmentId": "",
      "operations": [
        "Auth:Action:Sign",
        "Auth:Apps:Read",
        "Auth:Types:Employee",
        "Auth:Types:EndUser",
        "Auth:Types:Pat",
        "Auth:Types:ServiceAccount",
        "Auth:Users:Read",
        "Balances:Read",
        "Payments:Create",
        "Payments:Read",
        "PublicKeyAddresses:Read",
        "PublicKeys:Create",
        "PublicKeys:Read",
        "Signatures:Create",
        "Signatures:Read",
        "Transactions:Create",
        "Transactions:Read",
        "Wallets:Create",
        "Wallets:Read",
        "Wallets:Update"
      ]
    }
  ],
  "publicKey": "",
  "tokenId": "to-5kwgq-oegi0-879o3v4uh9ghhq72"
}
```

{% endtab %}
{% endtabs %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs-legacy.dfns.co/d/api-docs/authentication/personal-access-token-management/createpersonalaccesstoken.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.