> For the complete documentation index, see [llms.txt](https://docs.ai.neevcloud.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.ai.neevcloud.com/api-reference/tenant/personal-access-tokens.md).

# Personal Access Tokens

Personal access token (PAT) management endpoints for users within an organization

## List the caller's PATs across all organizations (masked).

> List the caller's active (non-revoked) PATs across every organization they belong to. PATs are owned by the user, so this profile route is org-agnostic; each item carries its own \`org\_id\` so the caller can tell which org a PAT is bound to. Revoked tokens are not returned. The bearer value is never returned; only a masked prefix is shown. Endpoint is gated by the \`pat.api.enabled\` feature flag.<br>

```json
{"openapi":"3.0.3","info":{"title":"Tenant API","version":"0.1.0"},"tags":[{"name":"Personal Access Tokens","description":"Personal access token (PAT) management endpoints for users within an organization"}],"servers":[{"url":"https://api.ai.neevcloud.com/tenant","description":"Consolidated public API gateway"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","description":"Use the **`access_token`** from `POST /api/v1/auth/login` (same credentials as the console). In **Authorize**, paste **only that token** — do not prepend `Bearer`, and do not use inference keys (`sk-nc-*`) here. The same token authenticates this API and AI Models / AI Runtime.\n"}},"schemas":{"ListPATsResponse":{"type":"object","description":"A response object containing a paginated list of PATs.","required":["items","total"],"properties":{"items":{"type":"array","description":"Array of PAT info objects.","items":{"$ref":"#/components/schemas/PATInfo"}},"total":{"type":"integer","description":"Total number of PATs matching the query (across all pages)."}}},"PATInfo":{"type":"object","description":"PAT information with masked prefix; the plaintext bearer is never returned by list endpoints.","required":["id","org_id","name","prefix","created_at","expires_at"],"properties":{"id":{"type":"string","format":"uuid","description":"The unique identifier for the PAT."},"org_id":{"type":"string","description":"ID of the organization this PAT is bound to."},"name":{"type":"string","description":"The PAT name."},"prefix":{"type":"string","description":"Masked display prefix for the PAT bearer."},"created_at":{"type":"string","format":"date-time","description":"When the PAT was created."},"expires_at":{"type":"string","format":"date-time","description":"When the PAT expires."},"revoked_at":{"type":"string","format":"date-time","nullable":true,"description":"When the PAT was revoked, or null if still active."}}},"ErrorResponse":{"type":"object","description":"Standard error response containing an error message","required":["code","message"],"properties":{"code":{"type":"string","description":"A short, machine-readable error code."},"message":{"type":"string","description":"A descriptive error message."}}}}},"paths":{"/api/v1/users/me/pats":{"get":{"tags":["Personal Access Tokens"],"summary":"List the caller's PATs across all organizations (masked).","description":"List the caller's active (non-revoked) PATs across every organization they belong to. PATs are owned by the user, so this profile route is org-agnostic; each item carries its own `org_id` so the caller can tell which org a PAT is bound to. Revoked tokens are not returned. The bearer value is never returned; only a masked prefix is shown. Endpoint is gated by the `pat.api.enabled` feature flag.\n","operationId":"listPATs","parameters":[{"name":"org_id","description":"Optional. When set, returns only the caller's PATs bound to this organization. When omitted, returns the caller's PATs across all organizations they belong to.\n","in":"query","required":false,"schema":{"type":"string"}},{"name":"limit","description":"Number of items per page.","in":"query","required":false,"schema":{"type":"integer","minimum":1,"maximum":100,"default":25}},{"name":"offset","description":"Number of items to skip.","in":"query","required":false,"schema":{"type":"integer","minimum":0,"default":0}}],"responses":{"200":{"description":"A page of the caller's PATs across all organizations.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ListPATsResponse"}}}},"401":{"description":"Missing or invalid authentication token.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"PAT feature is disabled.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"An unexpected internal server error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}}}
```

## Create a personal access token bound to an organization.

> Issue a new platform PAT owned by the calling user and bound to the organization named in the request body (the caller must be a member of it). PATs live under the user's profile, so this route is org-agnostic and the target org is supplied in the body rather than the path. The plaintext bearer is returned exactly once in the response and cannot be retrieved later. Endpoint is gated by the \`pat.api.enabled\` feature flag.<br>

```json
{"openapi":"3.0.3","info":{"title":"Tenant API","version":"0.1.0"},"tags":[{"name":"Personal Access Tokens","description":"Personal access token (PAT) management endpoints for users within an organization"}],"servers":[{"url":"https://api.ai.neevcloud.com/tenant","description":"Consolidated public API gateway"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","description":"Use the **`access_token`** from `POST /api/v1/auth/login` (same credentials as the console). In **Authorize**, paste **only that token** — do not prepend `Bearer`, and do not use inference keys (`sk-nc-*`) here. The same token authenticates this API and AI Models / AI Runtime.\n"}},"schemas":{"CreatePATRequest":{"type":"object","description":"Request to create a new personal access token.","required":["org_id","name"],"properties":{"org_id":{"type":"string","minLength":1,"description":"ID of the organization the PAT is bound to. The caller must be a member of this organization. The PAT can only act within this org.\n"},"name":{"type":"string","minLength":1,"maxLength":64,"description":"Human-friendly label for the PAT."},"expires_in_days":{"type":"integer","minimum":1,"maximum":90,"description":"Lifetime of the PAT in days. Defaults to 90."}}},"CreatePATResponse":{"type":"object","description":"Response after creating a PAT. The plaintext bearer is only returned in this response and cannot be retrieved later.","required":["id","name","bearer","prefix","created_at","expires_at"],"properties":{"id":{"type":"string","format":"uuid","description":"The unique identifier for the PAT."},"name":{"type":"string","description":"The PAT name."},"bearer":{"type":"string","description":"The plaintext PAT bearer. Shown exactly once at creation time."},"prefix":{"type":"string","description":"Masked display prefix used in subsequent list responses."},"created_at":{"type":"string","format":"date-time","description":"When the PAT was created."},"expires_at":{"type":"string","format":"date-time","description":"When the PAT expires."}}},"ErrorResponse":{"type":"object","description":"Standard error response containing an error message","required":["code","message"],"properties":{"code":{"type":"string","description":"A short, machine-readable error code."},"message":{"type":"string","description":"A descriptive error message."}}}}},"paths":{"/api/v1/users/me/pats":{"post":{"tags":["Personal Access Tokens"],"summary":"Create a personal access token bound to an organization.","description":"Issue a new platform PAT owned by the calling user and bound to the organization named in the request body (the caller must be a member of it). PATs live under the user's profile, so this route is org-agnostic and the target org is supplied in the body rather than the path. The plaintext bearer is returned exactly once in the response and cannot be retrieved later. Endpoint is gated by the `pat.api.enabled` feature flag.\n","operationId":"createPAT","requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/CreatePATRequest"}}}},"responses":{"201":{"description":"PAT created; bearer returned exactly once.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CreatePATResponse"}}}},"400":{"description":"The request payload is invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Missing or invalid authentication token.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Caller is not a member of the organization.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"PAT feature is disabled.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"An unexpected internal server error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}}}
```

## Revoke a PAT (soft delete).

> Revoke a previously issued PAT the caller owns. PATs are owned by the user, so revocation is org-agnostic and gated on caller-is-owner only. Revocation is a soft delete (sets \`revoked\_at\`); subsequent verification attempts will fail. Endpoint is gated by the \`pat.api.enabled\` feature flag.<br>

```json
{"openapi":"3.0.3","info":{"title":"Tenant API","version":"0.1.0"},"tags":[{"name":"Personal Access Tokens","description":"Personal access token (PAT) management endpoints for users within an organization"}],"servers":[{"url":"https://api.ai.neevcloud.com/tenant","description":"Consolidated public API gateway"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","description":"Use the **`access_token`** from `POST /api/v1/auth/login` (same credentials as the console). In **Authorize**, paste **only that token** — do not prepend `Bearer`, and do not use inference keys (`sk-nc-*`) here. The same token authenticates this API and AI Models / AI Runtime.\n"}},"schemas":{"ErrorResponse":{"type":"object","description":"Standard error response containing an error message","required":["code","message"],"properties":{"code":{"type":"string","description":"A short, machine-readable error code."},"message":{"type":"string","description":"A descriptive error message."}}}}},"paths":{"/api/v1/users/me/pats/{pat_id}":{"delete":{"tags":["Personal Access Tokens"],"summary":"Revoke a PAT (soft delete).","description":"Revoke a previously issued PAT the caller owns. PATs are owned by the user, so revocation is org-agnostic and gated on caller-is-owner only. Revocation is a soft delete (sets `revoked_at`); subsequent verification attempts will fail. Endpoint is gated by the `pat.api.enabled` feature flag.\n","operationId":"deletePAT","parameters":[{"name":"pat_id","description":"The PAT ID","in":"path","required":true,"schema":{"type":"string","format":"uuid"}}],"responses":{"204":{"description":"The PAT was revoked successfully."},"401":{"description":"Missing or invalid authentication token.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"PAT not found, caller is not the owner, or feature disabled.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"An unexpected internal server error occurred.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}}}
```


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.ai.neevcloud.com/api-reference/tenant/personal-access-tokens.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.