> ## Documentation Index > Fetch the complete documentation index at: https://docs.devinenterprise.com/llms.txt > Use this file to discover all available pages before exploring further. # Personal Access Tokens [Closed Beta] > Authenticate as yourself for programmatic API access Personal Access Tokens are currently in **closed beta** and are feature-flagged. [Contact support](mailto:support@cognition.ai) to request access. PATs are **not available** for SSO/enterprise accounts. ## Overview Personal Access Tokens (PATs) allow human users to authenticate programmatically under their own identity. Unlike service user API keys (which authenticate as a non-human service user), a PAT authenticates as **you** — the human user who created the token. | Token type | Authenticates as | Identity | Permissions | | ------------------------- | ------------------------ | --------------------------- | ------------------------------------ | | **Service User API Key** | Service User (non-human) | The service user's identity | The service user's assigned role | | **Personal Access Token** | User (human) | Your user identity | Your permissions and org memberships | All API credentials use the `cog_` prefix format. Both token types are used identically in the `Authorization` header: ```bash theme={null} curl "https://api.devin.ai/v3/organizations/$DEVIN_ORG_ID/sessions" \ -H "Authorization: Bearer $YOUR_PAT" ``` ## When to use PATs PATs are designed for scenarios where you need programmatic API access **as yourself**: * **Personal scripts and tooling** — automate your own workflows without a shared service user * **Local development** — test API integrations using your own account * **Short-lived automation** — one-off scripts that should be attributed to you For production integrations, CI/CD pipelines, and shared automation, use [service user API keys](/api-reference/authentication#service-users-recommended-for-automation) instead. Service users provide better audit trails, centralized key management, and RBAC controls. ## How it works 1. **Generate a PAT** in your account settings 2. The token starts with `cog_` and is shown only once at creation time 3. Use the token in the `Authorization` header — exactly like a service user API key 4. Every API call authenticates as your user account — your permissions, org memberships, and audit trail apply ## Key differences from service user API keys | Aspect | Service User API Key | Personal Access Token | | ------------------ | ---------------------------------- | ---------------------------------- | | **Identity** | Non-human service user | Your human user account | | **Permissions** | Controlled by assigned RBAC role | Inherits your existing permissions | | **Audit trail** | Actions attributed to service user | Actions attributed to you | | **Key management** | Managed by org/enterprise admins | Managed by you personally | | **Use case** | Production automation, CI/CD | Personal scripts, local tooling | | **Availability** | Generally available | Closed beta | ## Limitations * **Closed beta**: PATs require a feature flag to be enabled for your account * **Not available for SSO/enterprise accounts**: Currently limited to non-SSO accounts * **Personal scope**: PATs are tied to your individual account and cannot be shared ## Security considerations * Treat PATs with the same care as passwords — they provide full access to your account * Store PATs in environment variables or secret managers, never in source code * Revoke PATs immediately if compromised * Use the minimum scope necessary for your use case * Prefer service user API keys for any shared or production automation ## Next steps * [Authentication overview](/api-reference/authentication) — understand the full auth model * [Teams quick start](/api-reference/getting-started/teams-quickstart) — get started with service users