Create access tokens when an external system needs to authenticate Hawzu API requests.
Tokens are shown only once after creation. Copy the token before closing the success window.
Go to the Access Tokens page and select Create Token.
If the workspace has no tokens yet, use Create Access Token from the empty state.
The create action is available only to users with permission to create workspace access tokens.
Token Name is required.
Use a name that explains the token’s purpose, such as:
CI RunnerNightly AutomationExternal SyncClear names make it easier to audit and revoke tokens later.
Choose either Workspace or Project.
This choice controls how roles are assigned.
Choose Workspace when the token should use one workspace role.
Then select a role from Workspace Scope.
The role picker only shows workspace roles that can be assigned to access tokens. Some protected or user-only roles are intentionally not available.
Choose Project when the token should access one or more projects.
For each project row:
Use Add another project to add another project row. The button is available after the current project rows are complete.
Projects already selected in another row are not shown again. A role can be selected only after a project is selected.
Use the remove action in a row to remove that project from the token before creation.
Choose one expiry option:
The default expiry is 1 Week.
Choose Custom Date to pick a specific date. Custom dates cannot be in the past.
Choose Never Expires only when needed. Hawzu shows a security warning because tokens without expiry should be kept carefully and rotated regularly.
Create Token is enabled only when:
Select Cancel to close the create window without creating a token.
After creation, Hawzu opens an Access Token Created window.
Copy the token immediately. This is the only time the token value is shown.
After the success window is closed, Hawzu will not show the full token value again. If the value is lost, create a new token and update the system that uses it.
The token appears in the Access Tokens table with its label, access type, creator, created date, expiry, and lifecycle actions.
Keep the copied token in a secure place, such as a secrets manager or CI/CD secret location.