Personal Access Tokens (PATs)

The PAT Lifecycle Management API allows users to manage the lifecycle of their personal access tokens (PATs), which can be used as an alternate method to authenticate into Azure DevOps. To see the examples and a full list of the available requests, refer to the PAT Lifecycle Management API reference

In order for the requests in this API to be executed, they need to be authorized with Azure AD access token

Learn how to acquire the Azure AD access token with authorization code flow by following this guide. The scope for the token should be 499b84ac-1321-427f-aa17-267ca6975798/.default which provides access to Azure DevOps Services REST API. Once you have the token, use it as a Bearer token in Authorization header of your request

Example: Use Azure AD access token to make the List PATs request

In this example you can see how to use an Azure AD token to list your PATs in an organization. Refer to the API reference to see full list of parameters and sample response


Try executing this and other requests from the API in Postman!

Don't forget to replace the IDs (tenant, organization, etc.) and the access token on the Authorization tab

$auth = "Bearer <Azure AD token>"
$azureDevOpsApiVersion = "{latest API version}"
$headers = @{
    'Authorization' = $auth

Invoke-RestMethod -H $headers "{organization}/_apis/Tokens/Pats?api-version=$azureDevOpsApiVersion"