Personal access tokens function similar to session tokens and can be used by integrations to authenticate against the REST API. It is the most commonly used type of token for integrations.
1 - Enable personal access tokens in System Console > Integrations > Custom Integrations in prior versions or System Console > Integrations > Integration Management in versions after 5.12.
2 - Identify the account you want to create a personal access token with. You may optionally create a new user account for your integration, such as for a bot account. By default, only System Admins have permissions to create a personal access token.
3 - To create an access token with a non-admin account, you must first give it the appropriate permissions. Go to System Console > Users, search for the user account, and select Manage Roles from the dropdown.
4 - Select Allow this account to generate personal access tokens.
You may optionally allow the account to post to any channel in your Mattermost server, including direct messages by choosing the post:all role. post:channels role allows the account to post to any public channel in the Mattermost server.
...
7 - Enter a description for the token, so you remember what it’s used for. Then hit Save.
| Info |
|---|
Note: If you create a personal access token for a System Admin account, be extra careful who you share it with. The token enables a user to have full access to the account, including System Admin privileges. It is recommended to create a personal access token for non-admin accounts. |
8 - Copy the access token now for your integration and store it in a secure location. You won’t be able to see it again!
...