Skip to content

Documentation: add personal access token documentation #4258

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
functionzz wants to merge 6 commits into
base: main
Choose a base branch
from
+29 −1
Open

Documentation: add personal access token documentation #4258

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
34dad99
add pat docs
functionzz Jun 24, 2026
074e747
change API readme to mention PATs
functionzz Jun 24, 2026
a217b66
Update documentation/docs/localizer/users.md
functionzz Jun 25, 2026
7554f5c
Update documentation/docs/localizer/users.md
functionzz Jun 25, 2026
8fb1f6c
Update documentation/docs/localizer/users.md
functionzz Jun 25, 2026
88e5d42
wording change
functionzz Jun 25, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions documentation/docs/localizer/users.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,20 @@ It’s possible to set the default homepage displayed when visiting Pontoon as a

![LOCALES tab in translation tools](../assets/localizer/users/translation_locales.png "LOCALES tab in translation tools")

### Personal Access Tokens
Comment thread
functionzz marked this conversation as resolved.

Users can create Personal Access Tokens (PAT) which are required for accessing some endpoints of the Pontoon [REST API](https://github.com/mozilla/pontoon/blob/main/pontoon/api/README.md).

To create a PAT, the user must enter a suitable token name no longer than 32 characters. The generated token can be used with the REST API as follows:

```bash
curl \
-H "Authorization: Bearer <YOUR-TOKEN>" \
https://example.com/api/v2/resource/
```

PATs can be manually deleted at any time and automatically expire after one year.

### Account removal

Users can delete their account by scrolling to the `Account Management` section, where a button reading `Delete Account` is located. Once clicked, the user will need to
Expand Down
16 changes: 15 additions & 1 deletion pontoon/api/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,21 @@

Pontoon provides a set of [RESTful](https://developer.mozilla.org/en-US/docs/Glossary/REST) endpoints via the [Django REST Framework](https://www.django-rest-framework.org/), accessible under `/api/v2/`.

> 🔐 Added on September 2, 2025 at 12:37 UTC: The REST API is in beta. While stable for general use, its structure may change as we continue development.
## Authentication

Most endpoints are publicly accessible and require no authentication. A few endpoints require an authenticated user.

Requests can be authenticated either with a session cookie or with a Personal Access Token (PAT). You can create a PAT from your [user settings](https://pontoon.mozilla.org/settings/) page (see the [User Accounts & Settings](https://github.com/mozilla/pontoon/blob/main/documentation/docs/localizer/users.md#personal-access-tokens) documentation for details).

Send the token in the `Authorization` header using the `Bearer` scheme:

```bash
$ curl \
-H "Authorization: Bearer <YOUR-TOKEN>" \
"https://example.com/api/v2/pretranslate/"
```

A PAT automatically expires one year after it is created, and can be deleted manually at any time. Requests made with an invalid or expired token are rejected.

## JSON Mode

Expand Down
Loading