From 34dad99c0768642de484aa0f5eb8b3257d6cbf29 Mon Sep 17 00:00:00 2001 From: functionzz <164675620+functionzz@users.noreply.github.com> Date: Wed, 24 Jun 2026 16:08:37 -0400 Subject: [PATCH 1/6] add pat docs --- documentation/docs/localizer/users.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/documentation/docs/localizer/users.md b/documentation/docs/localizer/users.md index ec41af036b..d394ccf1a1 100644 --- a/documentation/docs/localizer/users.md +++ b/documentation/docs/localizer/users.md @@ -111,6 +111,19 @@ It’s possible to set the default homepage displayed when visiting Pontoon as a ![LOCALES tab in translation tools](../assets/localizer/users/translation_locales.png "LOCALES tab in translation tools") +### Personal Access Tokens +Users can create Personal Access Tokens (PAT) which are required for accessing all endpoints of the Pontoon [REST API](https://github.com/mozilla/pontoon/blob/main/pontoon/api/README.md). + +To create a PAT, the user must enter a suitable token name no longer than 32 characters. The generated token is used with the REST API as follows: + +```bash +curl \ + -H "Authorization: Bearer " \ + https://example.com/api/v2/resource/ +``` + +PATs can be manually deleted at any time and automatically expire after one year. + ### Account removal Users can delete their account by scrolling to the `Account Management` section, where a button reading `Delete Account` is located. Once clicked, the user will need to From 074e7470ad697628d67069cfdf288317abd99ea7 Mon Sep 17 00:00:00 2001 From: functionzz <164675620+functionzz@users.noreply.github.com> Date: Wed, 24 Jun 2026 16:36:20 -0400 Subject: [PATCH 2/6] change API readme to mention PATs --- pontoon/api/README.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/pontoon/api/README.md b/pontoon/api/README.md index c255f98197..80de230cfb 100644 --- a/pontoon/api/README.md +++ b/pontoon/api/README.md @@ -2,7 +2,21 @@ Pontoon provides a set of [RESTful](https://developer.mozilla.org/en-US/docs/Glossary/REST) endpoints via the [Django REST Framework](https://www.django-rest-framework.org/), accessible under `/api/v2/`. -> 🔐 Added on September 2, 2025 at 12:37 UTC: The REST API is in beta. While stable for general use, its structure may change as we continue development. +## Authentication + +Most endpoints are publicly accessible and require no authentication. A few endpoints require an authenticated user. + +Requests can be authenticated either with a session cookie or with a Personal Access Token (PAT). You can create a PAT from your [user settings](https://pontoon.mozilla.org/settings/) page (see the [User Accounts & Settings](https://github.com/mozilla/pontoon/blob/main/documentation/docs/localizer/users.md#personal-access-tokens) documentation for details). + +Send the token in the `Authorization` header using the `Bearer` scheme: + +```bash +$ curl \ + -H "Authorization: Bearer " \ + "https://example.com/api/v2/pretranslate/" +``` + +A PAT automatically expires one year after it is created, and can be deleted manually at any time. Requests made with an invalid or expired token are rejected. ## JSON Mode From a217b669c7e9cfe8a4ce5ddabdf51daceac58f44 Mon Sep 17 00:00:00 2001 From: Jamie <164675620+functionzz@users.noreply.github.com> Date: Thu, 25 Jun 2026 09:25:09 -0400 Subject: [PATCH 3/6] Update documentation/docs/localizer/users.md Co-authored-by: Francesco Lodolo --- documentation/docs/localizer/users.md | 1 + 1 file changed, 1 insertion(+) diff --git a/documentation/docs/localizer/users.md b/documentation/docs/localizer/users.md index d394ccf1a1..8d3e5da30f 100644 --- a/documentation/docs/localizer/users.md +++ b/documentation/docs/localizer/users.md @@ -112,6 +112,7 @@ It’s possible to set the default homepage displayed when visiting Pontoon as a ![LOCALES tab in translation tools](../assets/localizer/users/translation_locales.png "LOCALES tab in translation tools") ### Personal Access Tokens + Users can create Personal Access Tokens (PAT) which are required for accessing all endpoints of the Pontoon [REST API](https://github.com/mozilla/pontoon/blob/main/pontoon/api/README.md). To create a PAT, the user must enter a suitable token name no longer than 32 characters. The generated token is used with the REST API as follows: From 7554f5c279e9be3716b5ed100f0a44a002f26d76 Mon Sep 17 00:00:00 2001 From: Jamie <164675620+functionzz@users.noreply.github.com> Date: Thu, 25 Jun 2026 09:25:17 -0400 Subject: [PATCH 4/6] Update documentation/docs/localizer/users.md Co-authored-by: Francesco Lodolo --- documentation/docs/localizer/users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/docs/localizer/users.md b/documentation/docs/localizer/users.md index 8d3e5da30f..a7408bbeb9 100644 --- a/documentation/docs/localizer/users.md +++ b/documentation/docs/localizer/users.md @@ -113,7 +113,7 @@ It’s possible to set the default homepage displayed when visiting Pontoon as a ### Personal Access Tokens -Users can create Personal Access Tokens (PAT) which are required for accessing all endpoints of the Pontoon [REST API](https://github.com/mozilla/pontoon/blob/main/pontoon/api/README.md). +Users can create Personal Access Tokens (PAT) which are required for accessing all endpoints of the Pontoon [REST API](https://github.com/mozilla/pontoon/blob/main/pontoon/api/README.md). To create a PAT, the user must enter a suitable token name no longer than 32 characters. The generated token is used with the REST API as follows: From 8fb1f6c23ea1ce478a60fb0fd0f62a19b765032e Mon Sep 17 00:00:00 2001 From: Jamie <164675620+functionzz@users.noreply.github.com> Date: Thu, 25 Jun 2026 09:25:26 -0400 Subject: [PATCH 5/6] Update documentation/docs/localizer/users.md Co-authored-by: Francesco Lodolo --- documentation/docs/localizer/users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/docs/localizer/users.md b/documentation/docs/localizer/users.md index a7408bbeb9..7b97532c21 100644 --- a/documentation/docs/localizer/users.md +++ b/documentation/docs/localizer/users.md @@ -115,7 +115,7 @@ It’s possible to set the default homepage displayed when visiting Pontoon as a Users can create Personal Access Tokens (PAT) which are required for accessing all endpoints of the Pontoon [REST API](https://github.com/mozilla/pontoon/blob/main/pontoon/api/README.md). -To create a PAT, the user must enter a suitable token name no longer than 32 characters. The generated token is used with the REST API as follows: +To create a PAT, the user must enter a suitable token name no longer than 32 characters. The generated token can be used with the REST API as follows: ```bash curl \ From 88e5d42381ae29d94d5123140fa27d15cb33600d Mon Sep 17 00:00:00 2001 From: functionzz <164675620+functionzz@users.noreply.github.com> Date: Thu, 25 Jun 2026 11:24:53 -0400 Subject: [PATCH 6/6] wording change --- documentation/docs/localizer/users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/docs/localizer/users.md b/documentation/docs/localizer/users.md index 7b97532c21..e0149c8b57 100644 --- a/documentation/docs/localizer/users.md +++ b/documentation/docs/localizer/users.md @@ -113,7 +113,7 @@ It’s possible to set the default homepage displayed when visiting Pontoon as a ### Personal Access Tokens -Users can create Personal Access Tokens (PAT) which are required for accessing all endpoints of the Pontoon [REST API](https://github.com/mozilla/pontoon/blob/main/pontoon/api/README.md). +Users can create Personal Access Tokens (PAT) which are required for accessing some endpoints of the Pontoon [REST API](https://github.com/mozilla/pontoon/blob/main/pontoon/api/README.md). To create a PAT, the user must enter a suitable token name no longer than 32 characters. The generated token can be used with the REST API as follows: