Skip to main content

Personal Access Tokens

Personal Access Tokens (PATs) provide a way to access task information in both workers and applications that create and manage tasks.


An access token grants access to the Taskurai API.

Copy the token to a secure place and do not share or check this token into source control.


  • Taskurai installation (Taskurai instance, Taskurai CLI, etc.). See Taskurai Setup.

If you are not signed in to Azure yet, you will need to log in using your Azure credentials. You can use one of the following methods:

  1. Azure Tools extension for VS Code
  2. Azure CLI: az login
  3. Azure PowerShell: Connect-AzAccount
  4. If you are not logged in using any of the above methods, an interactive browser login will be used.

Taskurai Access Scopes

Include all scopes

To include all scopes, user wildcards:

  • Taskurai.*

Task scopes

The following access scopes can be used:

  • Taskurai.Task.Create: Create new tasks.
  • Taskurai.Task.Read: Read or list tasks.
  • Taskurai.Task.Logs.Read: Read or list task logs.
  • Taskurai.Task.Update: Update existing tasks.
  • Taskurai.Task.Delete: Delete a task.

To include all task permissions, use wildcards:

  • Taskurai.Task.*

Logging scopes

The following access scopes can be used:

  • Taskurai.Log.Query.Read: Query log messages.
  • Taskurai.Log.Console.Read: List console log messages.
  • Taskurai.Log.System.Read: List system log messages.
  • Taskurai.Log.Task.Console.Read: List task console log messages.
  • Taskurai.Log.TaskCorrelation.Console.Read: List task correlation console log messages.
  • Taskurai.Log.Command.Console.Read: List command console log messages.
  • Taskurai.Log.Worker.Console.Read: List worker console log messages.
  • Taskurai.Log.Worker.System.Read: List worker system log messages.
  • Taskurai.Log.ContainerImage.Console.Read: List container image console log messages.

To include all log permissions, use wildcards:

  • Taskurai.Log.*

Managing PATs using the CLI

Creating an Access Token

To create an access token, use the taskurai pat create command:

taskurai pat create --name mytoken --valid-minutes 43200 --scopes "Taskurai.Task.*" --scopes "Taskurai.Log.*"

Updating an Access Token

To update an existing access token, use the taskurai pat update command:

taskurai pat update --name mytoken --valid-minutes 2500

Showing an Access Token

To view the properties of an existing access token, use the taskurai pat show command:

taskurai pat show --name mytoken

Please note that the token value is only returned when creating or updating a token.

Listing Access Tokens

To list all access tokens, use the taskurai pat list command:

taskurai pat list

Removing Access Tokens

To delete an access token, use the taskurai pat delete command:

taskurai pat delete --name mytoken

Alternatively, you can select the PAT(s) from the list using the delete command:

taskurai pat delete

Revoking Access

If you want to revoke access using a specific token, deleting the token will immediately revoke access permanently.

Handling Access Tokens

Access tokens should be handled with care, as they provide access to the Taskurai API.

For local development in C#, it is recommended to use User Secrets to store and manage secrets. This way, you avoid checking secrets into source control.

When running your applications in a hosted environment, deploy PATs as sensitive information. Use the methods available on your platform or deployment pipeline to manage this kind of information.


Workers deployed to Taskurai do not need any access tokens deployed as part of the solution. They are granted access automatically.