Personal Access Tokens
Personal Access Tokens provide secure authentication for API requests without exposing your login credentials.
What Are Personal Access Tokens?
Personal Access Tokens act as an alternative authentication method that gives you the same level of access as your regular account, but are designed for:
- API integrations with external systems
- Third-party applications that need BetaHub access
- Automated scripts for workflow automation
- CI/CD pipelines for deployment integration
Creating Your First Token
Step 1: Navigate to Token Management
- Click on your profile picture in the top right corner
- Select “Profile & Account” from the dropdown menu
- On the Profile page, locate the “API Access” card
- Click the “Manage API Tokens” button
- View your existing tokens (if any) with names, creation dates, and partial values
Step 2: Create a New Token
- Click the “New Token” button
- Fill in the required information:
- Token Name (required): Descriptive name for identification
- Good examples: “API Integration”, “CI/CD Pipeline”, “Production Scripts”
- Expiration Date (optional): When the token should expire
- Token Name (required): Descriptive name for identification
Step 3: Copy and Store Token
This is the most important step - read carefully!
After clicking “Create Token”, you’ll see your new token displayed ONLY ONCE. This token will NEVER be shown again.
- Copy the token immediately and store it securely
- Use the copy button provided for accuracy
- If you navigate away or refresh, the token becomes permanently hidden
- There is NO way to recover the token - you’ll need to delete and create a new one
Token Management
Viewing Existing Tokens
In your Personal Access Tokens page, you can see:
- Token Name - The descriptive name you provided
- Creation Date - When the token was created
- Expiration Date - When it will expire (if set)
- Partial Token - First 8 characters of the token hash for identification
- Last Used - When the token was last used in an API request (or “Never” if unused)
- Actions - Delete button for each token
The full token value is never displayed again after creation. Only the first 8 characters of the token hash are shown for identification (e.g., a1b2c3d4...). This is a hash of your token, not the actual token text, for security purposes.
Deleting Tokens
To remove a token you no longer need:
- Find the token in your list
- Click the “Delete” button
- Confirm the deletion
Important:
- Token deletion is immediate and irreversible
- Applications using the deleted token will stop working immediately
- There’s no way to recover a deleted token
Using Personal Access Tokens
Authentication Method
Personal Access Tokens use Bearer token authentication:
Bearer Token Authentication:
curl -H "Authorization: Bearer YOUR_TOKEN_HERE" \
-H "Accept: application/json" \
https://app.betahub.io/projects.json
Token Format: Personal access tokens begin with the pat- prefix (e.g., pat-abc123...). The “Bearer” prefix is case-insensitive and optional - you can use Bearer, bearer, or omit it entirely.
URL Format
API endpoints support JSON responses in two ways:
# Option 1: Using .json extension
curl -H "Authorization: Bearer YOUR_TOKEN_HERE" \
https://app.betahub.io/projects.json
# Option 2: Using Accept header
curl -H "Authorization: Bearer YOUR_TOKEN_HERE" \
-H "Accept: application/json" \
https://app.betahub.io/projects
Token Permissions
Your personal access token inherits the same permissions as your user account:
- Project Access - All projects you have access to
- Read Permissions - View issues, comments, project data
- Write Permissions - Create and modify issues, add comments
- Administrative Access - Manage projects you own or administrate
API Endpoints
Need complete API documentation? This section shows common endpoint patterns. For detailed request/response schemas, all available parameters, and error codes, see the API Reference.
Authentication: The endpoints below work with Personal Access Tokens (Bearer authentication). For in-game bug reporting using Project Auth Tokens (FormUser authentication), see the Project Auth Tokens page.
Projects
List Projects:
GET /projects.json
Get Project Details:
GET /projects/{project_id}.json
Create Project:
POST /projects.json
Content-Type: application/json
{
"name": "My Game Project",
"description": "Game project description",
"visibility": "public"
}
Issues (Bugs, Suggestions, Tickets)
List Issues:
GET /projects/{project_id}/issues.json
Get Issue Details:
GET /projects/{project_id}/issues/{issue_id}.json
Create Issue:
POST /projects/{project_id}/issues.json
Content-Type: application/json
{
"title": "Bug report title",
"description": "Detailed bug description",
"category": "bug",
"priority": "high"
}
Valid category values: "bug", "feature_request", "question"
Update Issue:
PATCH /projects/{project_id}/issues/{issue_id}.json
Content-Type: application/json
{
"status": "resolved",
"assigned_to_id": 123
}
Comments
Note: Comments API endpoints are available through the API Reference. Comments can be added to various resource types including issues, tickets, and feature requests.
Users and Organizations
Get Current User:
GET /profiles/me.json
Response includes your user profile with name and project roles.
Note: Additional user and organization endpoints are available through the API Reference.
Example Integrations
JavaScript/Node.js
// Example: Fetching projects using a personal access token
const response = await fetch('https://app.betahub.io/projects.json', {
headers: {
'Authorization': 'Bearer YOUR_TOKEN_HERE',
'Accept': 'application/json',
'Content-Type': 'application/json'
}
});
const projects = await response.json();
console.log(projects);
// Create a new bug report
const newBug = await fetch('https://app.betahub.io/projects/pr-123/issues.json', {
method: 'POST',
headers: {
'Authorization': 'Bearer YOUR_TOKEN_HERE',
'Content-Type': 'application/json'
},
body: JSON.stringify({
title: 'Player cannot move after level 3',
description: 'Detailed description of the bug...',
category: 'bug',
priority: 'high'
})
});
Python
import requests
# Configure headers
headers = {
'Authorization': 'Bearer YOUR_TOKEN_HERE',
'Accept': 'application/json',
'Content-Type': 'application/json'
}
# Get projects
response = requests.get('https://app.betahub.io/projects.json', headers=headers)
projects = response.json()
# Create issue
issue_data = {
'title': 'Performance issue in level 5',
'description': 'Game freezes when entering level 5...',
'category': 'bug',
'priority': 'medium'
}
response = requests.post(
'https://app.betahub.io/projects/pr-123/issues.json',
headers=headers,
json=issue_data
)
Environment Variable Setup
# Set in your environment
export BETAHUB_TOKEN="your_token_here"
# Use in scripts
curl -H "Authorization: Bearer $BETAHUB_TOKEN" \
-H "Accept: application/json" \
https://app.betahub.io/projects.json
Security Best Practices
Token Creation
Use Descriptive Names:
- ✅ Good: “Production API Integration”, “Development Scripts”
- ❌ Bad: “Token1”, “Test”, “My Token”
Set Expiration Dates:
- Use shorter expiration periods for better security
- Consider your integration’s needs when setting dates
- You can always create new tokens when needed
Create Separate Tokens:
- Don’t share tokens across multiple integrations
- Use different tokens for different environments
- Makes access management and revocation easier
Token Storage
Secure Storage Methods:
- Use environment variables, not hardcoded values
- Encrypt tokens when storing them
- Use secure credential managers in production
Never Share Publicly:
- Don’t commit tokens to code repositories
- Don’t include tokens in screenshots or documentation
- Don’t share tokens in chat applications or emails
Regular Maintenance
Review and Cleanup:
- Delete unused tokens regularly
- Review token list periodically
- Remove tokens for discontinued integrations
- Replace tokens that may have been compromised
Troubleshooting
Common Issues
Token Not Working:
- Verify token hasn’t expired
- Check Authorization header format:
Bearer YOUR_TOKEN - Ensure
Accept: application/jsonheader is included - Verify account permissions for the resource
Lost Token:
- There’s no way to recover lost tokens
- Delete the old token from your list
- Create a new token with the same name
- Update all applications using the old token
API Errors
Authentication Errors (401):
- Token is invalid, expired, or malformed
- Missing or incorrect Authorization header
- Token has been deleted
Authorization Errors (403):
- Token is valid but lacks permission for the resource
- Account doesn’t have access to the requested project
Validation Errors (422):
- Request data failed validation
- Missing required fields
- Invalid field values
Error Response Format: All API errors return JSON in this format:
{
"error": "Error message describing the issue"
}
Advanced Usage
Webhook Integration
Combine API access with webhooks for real-time updates:
- Configure webhooks to receive notifications
- Use API to fetch detailed information
- Process updates automatically in your system
CI/CD Integration
Example GitHub Actions workflow:
name: Sync Issues to BetaHub
on:
issues:
types: [opened, closed]
jobs:
sync:
runs-on: ubuntu-latest
steps:
- name: Create BetaHub Issue
run: |
curl -X POST \
-H "Authorization: Bearer ${{ secrets.BETAHUB_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"title":"${{ github.event.issue.title }}","description":"${{ github.event.issue.body }}"}' \
https://app.betahub.io/projects/pr-123/issues.json
Custom Dashboard Creation
Use the API to build custom analytics and reporting:
// Fetch project metrics
const issues = await fetch('/projects/pr-123/issues.json').then(r => r.json());
const openBugs = issues.filter(i => i.category === 'bug' && i.status === 'open');
const resolvedThisWeek = issues.filter(i =>
new Date(i.resolved_at) > Date.now() - 7 * 24 * 60 * 60 * 1000
);
// Create custom visualizations
console.log(`Open bugs: ${openBugs.length}`);
console.log(`Resolved this week: ${resolvedThisWeek.length}`);
Getting Help
Support Resources
Documentation:
- API reference documentation - Complete endpoint documentation
- Integration examples and tutorials
- Best practices guides
Community Support:
- Join our Discord server for help
- Share integration examples with the community
- Get help from other developers
Direct Support:
- Contact support for complex integration issues
- Enterprise customers get priority API support
- Report API bugs and feature requests
Common Questions
Q: How many tokens can I create? A: There’s no strict limit, but we recommend creating only the tokens you need for security.
Q: Do tokens expire automatically? A: Only if you set an expiration date. Tokens without expiration remain valid indefinitely.
Q: Will changing my password affect my tokens? A: No, personal access tokens work independently of your password.
Q: Can I see which applications are using my tokens? A: Currently, token usage tracking is limited. This feature is planned for future releases.
See Also
- Project Auth Tokens – Project-scoped tokens for in-game reporting
- Security – Authentication and access control
- Webhooks – Real-time event notifications
- External Tools – Third-party tool connections
- Advanced Features – Webhooks, API, and automation