-->
Azure DevOps Services | Azure DevOps Server 2020 | Azure DevOps Server 2019 | TFS 2018 - TFS 2017
A personal access token (PAT) is used as an alternate password to authenticate into Azure DevOps. Learn how to create, use, modify, and revoke PATs for Azure DevOps.
About Press Copyright Contact us Creators Advertise Developers Terms Privacy Policy & Safety How YouTube works Test new features Press Copyright Contact us Creators. Sourcetree is a free graphical user interface (GUI) desktop client that simplifies how you interact with Git repositories so that you can fully concentrate on coding. Say goodbye to the command line — this GUI makes it easy to visualize and manage your repositories. If you already have a repository, you can view it in SourceTree. Click New, then Add Existing Local Repository. Select the repository your wish to add, then click Open. Your added repository appears under Local. In Git it is actually much simpler. Just provide a #workitemid in the commit message and TFS does the rest once you push it to the repository. Because the linking is done on the TFS server once it is pushed, this works with any Git client you use. From the command line, SourceTree (which is great!), XCode etc. It all just works.
If you're working within Microsoft tools, then your Microsoft account (MSA) or Azure Active Directory (Azure AD) is an acceptable and well-supported approach. But, if you're working with third-party tools that don't support Microsoft or Azure AD accounts – or you don't want to provide your primary credentials to the tool – you can make use of PATs to limit your risk.
PATs are easy to create when you need them and easy to revoke when you don't. To set up PATs for non-Microsoft tools, use Git credential managers or create them manually. We recommend that you review our authentication guidance to help you choose the correct authentication mechanism. For smaller projects that require a less robust solution, PATs are a simple alternative. Unless your users are using a credential manager, they have to enter their credentials each time.
You can create and manage your PATs through one of two ways:
- the user interface in your user settings, which is described in detail below, and
- through the PAT Lifecycle Management API.
Sourcetree Tfs Pay
Create a PAT
Note
To enable the new user interface for the New account manager page, see Manage or enable features.
Sign in to your organization in Azure DevOps (
https://dev.azure.com/{yourorganization}
)From your home page, open your user settings, and then select Personal access tokens.
And then select + New Token.
Name your token, select the organization where you want to use the token, and then choose a lifespan for your token.
Select the scopesfor this token to authorize for your specific tasks.
For example, to create a token to enable a build and release agent to authenticate to Azure DevOps Services,limit your token's scope to Agent Pools (Read & manage). To read audit log events, and manage and delete streams, select Read Audit Log, and then select Create.
When you're done, make sure to copy the token. For your security, it won't be shown again. Use this token as your password.
Sign in to your organization in Azure DevOps (
https://dev.azure.com/{yourorganization}
)From your home page, open your profile. Go to your security details.
Select + New Token.
Name your token, select the organization where you want to use the token, and then choose a lifespan for your token.
Select the scopesfor this token to authorize for your specific tasks.
For example, to create a token to enable a build and release agent to authenticate to Azure DevOps Services,limit your token's scope to Agent Pools (Read & manage), and then select Create.
When you're done, make sure to copy the token. For your security, it won't be shown again. Use this token as your password.
Sign in to your web portal (
https://{server}:8080/tfs/
).From your home page, open your profile. Go to your security details.
Create a personal access token.
Name your token. Select a lifespan for your token.
If you have more than one organization,you can also select the organization where you want to use the token.
Select the scopesfor this token to authorize for your specific tasks.
For example, to create a token to enable a build and release agent to authenticate,limit your token's scope to Agent Pools (read, manage).
When you're done, make sure to copy the token. For your security, it won't be shown again. Use this token as your password. Select Close.
Once your PAT is created, you can use it anywhere your user credentials are required for authentication in Azure DevOps.
Notifications
Users receive two notifications during the lifetime of a PAT - one upon creation and the other seven days before the expiration.
After you create a PAT, you receive a notification similar to the following example.
Seven days before your PAT expires, you receive a notification similar to the following example.
Unexpected notification
If you receive an unexpected PAT notification, an administrator or tool might have created a PAT on your behalf. See the following examples.
- When you connect to an Azure DevOps Git repo through git.exe. it creates a token with a display name like 'git:
https://MyOrganization.visualstudio.com/
on MyMachine.' - When you or an administrator sets up an Azure App Service web app deployment, it creates a token with a display name like 'Service Hooks: : Azure App Service: : Deploy web app.'
- When you or an administrator sets up web load testing, as part of a pipeline, it creates a token with a display name like 'WebAppLoadTestCDIntToken'.
- When a Microsoft Teams Integration Messaging Extension is set up, it creates a token with a display name like 'Microsoft Teams Integration'.
If you believe that a PAT exists in error, we suggest that you revoke the PAT. Then, change your password. As an Azure AD user, check with your administrator to see if your organization was used from an unknown source or location. See also the FAQ about accidentally checking in a PAT to a public GitHub repository.
Use a PAT
Your token is your identity and represents you when it's used. Treat and use a PAT like your password.
- Git interactions require a username, which can be anything except the empty string.The PAT is used as the password.Additionally, you have to Base64-encode the username and PAT to use it with HTTP basic authentication.On Linux or macOS, in Bash, you can enter:
Sourcetree Tfs Account
On Windows, you can do something similar in PowerShell:
To keep your token more secure, use credential managers so you don't have to enter your credentials every time. We recommend the following credential manager:
- Git Credential Manager Core (Windows also requires Git for Windows)
Use a PAT in your code
See the following sample that gets a list of builds using curl.
If you wish to provide the PAT through an HTTP header, first convert it to a Base64 string (the following example shows how to convert to Base64 using C#). The resulting string can then be provided as an HTTP header in the following format:Authorization: Basic BASE64_USERNAME_PAT_STRING
Here it is in C# using the HttpClient class.
Tip Brenton studio chair parts.
When you're using variables, add a '$' at the beginning of the string, like in the following example.
When your code is working, it's a good time to switch from basic auth to OAuth.
If you enable IIS Basic Authentication for TFS, PATs aren't valid. For more information, see Using IIS Basic Authentication with TFS on-premises.
For more examples of how to use PATs, see Git credential managers, REST APIs, NuGet on a Mac, Reporting clients, or Get started with Azure DevOps CLI.
Modify a PAT
You can regenerate or extend a PAT, and modify its scope.
Note
To enable the new user interface for the New account manager page, see Manage or enable features. Central time zone utc.
From your home page, open your user settings, and then select Profile.
Under Security, select Personal access tokens. Select the token for which you want to modify, and then select Edit.
Edit the token name, organization it applies to, token expiration, or the scope of access that's associated with the token, and then select Save.
From your home page, open your profile. Go to Security details.
Select the token for which you want to modify, and then select Edit.
Edit the token name, organization it applies to, token expiration, or the scope of access that's associated with the token, and then select Save.
Revoke a PAT
You can revoke a PAT at any time, for various reasons.
Note
To enable the new user interface for the New account manager page, see Manage or enable features.
From your home page, open your user settings, and then select Profile.
Under Security, select Personal access tokens. Select the token for which you want to revoke access, and then select Revoke.
Select Revoke in the confirmation dialog.
From your home page, open your profile. Go to Security details.
Select the token for which you want to revoke access, and then select Revoke.
Select Revoke in the confirmation dialog.
Sourcetree Connect To Tfs
Related articles
FAQs
Q: Is there a way to renew a PAT via REST API?
A: Yes, there is a way to renew, manage, and create PATs using our PAT Lifecycle Management APIs. Read more about renewing/regenerating/rotating PATs in our FAQ.
Q: Can I use basic auth with all of Azure DevOps REST APIs?
A: No. You can use basic auth with most of them, but organizations and profiles only support OAuth.
Q: What happens if I accidentally check my PAT into a public repository on GitHub?
Sign in to your organization in Azure DevOps (
https://dev.azure.com/{yourorganization}
)From your home page, open your user settings, and then select Personal access tokens.
And then select + New Token.
Name your token, select the organization where you want to use the token, and then choose a lifespan for your token.
Select the scopesfor this token to authorize for your specific tasks.
For example, to create a token to enable a build and release agent to authenticate to Azure DevOps Services,limit your token's scope to Agent Pools (Read & manage). To read audit log events, and manage and delete streams, select Read Audit Log, and then select Create.
When you're done, make sure to copy the token. For your security, it won't be shown again. Use this token as your password.
Sign in to your organization in Azure DevOps (
https://dev.azure.com/{yourorganization}
)From your home page, open your profile. Go to your security details.
Select + New Token.
Name your token, select the organization where you want to use the token, and then choose a lifespan for your token.
Select the scopesfor this token to authorize for your specific tasks.
For example, to create a token to enable a build and release agent to authenticate to Azure DevOps Services,limit your token's scope to Agent Pools (Read & manage), and then select Create.
When you're done, make sure to copy the token. For your security, it won't be shown again. Use this token as your password.
Sign in to your web portal (
https://{server}:8080/tfs/
).From your home page, open your profile. Go to your security details.
Create a personal access token.
Name your token. Select a lifespan for your token.
If you have more than one organization,you can also select the organization where you want to use the token.
Select the scopesfor this token to authorize for your specific tasks.
For example, to create a token to enable a build and release agent to authenticate,limit your token's scope to Agent Pools (read, manage).
When you're done, make sure to copy the token. For your security, it won't be shown again. Use this token as your password. Select Close.
Once your PAT is created, you can use it anywhere your user credentials are required for authentication in Azure DevOps.
Notifications
Users receive two notifications during the lifetime of a PAT - one upon creation and the other seven days before the expiration.
After you create a PAT, you receive a notification similar to the following example.
Seven days before your PAT expires, you receive a notification similar to the following example.
Unexpected notification
If you receive an unexpected PAT notification, an administrator or tool might have created a PAT on your behalf. See the following examples.
- When you connect to an Azure DevOps Git repo through git.exe. it creates a token with a display name like 'git:
https://MyOrganization.visualstudio.com/
on MyMachine.' - When you or an administrator sets up an Azure App Service web app deployment, it creates a token with a display name like 'Service Hooks: : Azure App Service: : Deploy web app.'
- When you or an administrator sets up web load testing, as part of a pipeline, it creates a token with a display name like 'WebAppLoadTestCDIntToken'.
- When a Microsoft Teams Integration Messaging Extension is set up, it creates a token with a display name like 'Microsoft Teams Integration'.
If you believe that a PAT exists in error, we suggest that you revoke the PAT. Then, change your password. As an Azure AD user, check with your administrator to see if your organization was used from an unknown source or location. See also the FAQ about accidentally checking in a PAT to a public GitHub repository.
Use a PAT
Your token is your identity and represents you when it's used. Treat and use a PAT like your password.
- Git interactions require a username, which can be anything except the empty string.The PAT is used as the password.Additionally, you have to Base64-encode the username and PAT to use it with HTTP basic authentication.On Linux or macOS, in Bash, you can enter:
Sourcetree Tfs Account
On Windows, you can do something similar in PowerShell:
To keep your token more secure, use credential managers so you don't have to enter your credentials every time. We recommend the following credential manager:
- Git Credential Manager Core (Windows also requires Git for Windows)
Use a PAT in your code
See the following sample that gets a list of builds using curl.
If you wish to provide the PAT through an HTTP header, first convert it to a Base64 string (the following example shows how to convert to Base64 using C#). The resulting string can then be provided as an HTTP header in the following format:Authorization: Basic BASE64_USERNAME_PAT_STRING
Here it is in C# using the HttpClient class.
Tip Brenton studio chair parts.
When you're using variables, add a '$' at the beginning of the string, like in the following example.
When your code is working, it's a good time to switch from basic auth to OAuth.
If you enable IIS Basic Authentication for TFS, PATs aren't valid. For more information, see Using IIS Basic Authentication with TFS on-premises.
For more examples of how to use PATs, see Git credential managers, REST APIs, NuGet on a Mac, Reporting clients, or Get started with Azure DevOps CLI.
Modify a PAT
You can regenerate or extend a PAT, and modify its scope.
Note
To enable the new user interface for the New account manager page, see Manage or enable features. Central time zone utc.
From your home page, open your user settings, and then select Profile.
Under Security, select Personal access tokens. Select the token for which you want to modify, and then select Edit.
Edit the token name, organization it applies to, token expiration, or the scope of access that's associated with the token, and then select Save.
From your home page, open your profile. Go to Security details.
Select the token for which you want to modify, and then select Edit.
Edit the token name, organization it applies to, token expiration, or the scope of access that's associated with the token, and then select Save.
Revoke a PAT
You can revoke a PAT at any time, for various reasons.
Note
To enable the new user interface for the New account manager page, see Manage or enable features.
From your home page, open your user settings, and then select Profile.
Under Security, select Personal access tokens. Select the token for which you want to revoke access, and then select Revoke.
Select Revoke in the confirmation dialog.
From your home page, open your profile. Go to Security details.
Select the token for which you want to revoke access, and then select Revoke.
Select Revoke in the confirmation dialog.
Sourcetree Connect To Tfs
Related articles
FAQs
Q: Is there a way to renew a PAT via REST API?
A: Yes, there is a way to renew, manage, and create PATs using our PAT Lifecycle Management APIs. Read more about renewing/regenerating/rotating PATs in our FAQ.
Q: Can I use basic auth with all of Azure DevOps REST APIs?
A: No. You can use basic auth with most of them, but organizations and profiles only support OAuth.
Q: What happens if I accidentally check my PAT into a public repository on GitHub?
Tfs With Sourcetree
A: Azure DevOps scans for PATs checked into public repositories on GitHub. When a leaked token is discovered, we immediately send a detailed email notification to the token owner and log an event to your Azure DevOps organization's audit log. We encourage impacted users to mitigate immediately by rotating or revoking the leaked PAT.