Mender blog

Personal Access Tokens simplify the API-based integration with Hosted Mender

It is now possible to generate and use Personal Access Tokens on Hosted Mender when performing management API calls.

Before the introduction of this feature, the only way to obtain a JWT token to perform API calls was using the log-in end-point. However, the token returned lasts one week only. Therefore, storing and reusing it, for example, from a CI/CD pipeline or a scheduled job, is not practical.

Personal Access Tokens are long-lived JWT tokens that you can use to programmatically access the Mender management APIs without logging in each time you need to perform API calls or handling the JWT token expiration.

Personal Access Tokens act as API keys you can use from your CI/CD pipelines or scheduled jobs to access the Mender management APIs. The Personal Access Tokens impersonate the user who generated them, including all the permissions and roles associated with the user.

You can generate a Personal Access Token using the web-based UI from the "My profile":

create%20new%20token

You can specify a descriptive name for your token and an expiration time ranging from one week to one year. In the same view, you can also list and, eventually, revoke your tokens:

revoke%20access%20token

In our documentation, you can read more about using the management APIs, including the Personal Access Tokens.

Recent articles

Why cloud IoT solutions alone are not EU CRA compliant

Why cloud IoT solutions alone are not EU CRA compliant

Cloud IoT solutions often fall short in achieving compliance with the EU CRA. Learn more about the extensive requirements, and proper management solutions.
IoT Slam 2025: The impact of AI

IoT Slam 2025: The impact of AI

The recent IoT Slam 2025 conference outlined cutting-edge trends and technologies covering the entire spectrum of IoT across industries.
CVE-2025-49603 - Improper access control of device groups in Mender Server

CVE-2025-49603 - Improper access control of device groups in Mender Server

An ethical hacker on our HackerOne private bug bounty program recently discovered and disclosed access control issues with device groups in Mender Server.
View more articles

Learn why leading companies choose Mender

Discover how Mender empowers both you and your customers with secure and reliable over-the-air updates for IoT devices. Focus on your product, and benefit from specialized OTA expertise and best practices.

 
sales-pipeline_295756365