Manage Personal Access Tokens Block

This block is available on the user module to create a personal access token or bearer token for use with API logins. 

Note: If you are creating a token InCert, be sure that "InCert" is in the label of the token somewhere. 

In this article:

• Setup
• Usage
• Expiration
• Reporting

Setup

Go to Admin -> Processes, Forms, and Profiles -> Switch from the "Case/Matter" module to the "User" module. Create or edit a User Aux form. On the form, add the block Manage Personal Access Tokens. There are no configuration settings available for the block. If you've created a new User Aux Form, you need to create a new process for it and then add the process to a Custom Link Box on the User Profile. 

Usage

Running the new process will display the following form:

If you click "Create Token", it will first ask you to label the token. Then it will generate a new token linked to the user. 

As the block notes, the new token is displayed only this one time. It is a 48 character alphanumeric code. If you return to the process, you will see the process, you'll see the token was generated and have the ability to expire the token.

After you create the token, you can see the last 4 digits of the token as a hint on the block or in a report.

Expiration

Tokens create before 2026-03-13 expire in one year. Tokens created after that date expire according to the Expiration Length selected when they were created. The default is 30 days.

If you forget or lose the token, you will need to expire it and then create a new token instead. 

The Expire Token link will prompt for confirmation.

Reporting

A report based on the top level System Users table contains a subtable named Access Tokens (One row per token).

That subtable contains informative fields, including, but not limited to Expires that displays the date and time the token expires.

Example Reports for Active Tokens are available.

The above is available on live sites as of 2026-03-20.