It is : each token is granted specific permissions that restrict which endpoints it can access.scoped It is tied to a specific anduser . Any action performed with a token is attributed to the user who created it and is recorded in thetenant .Change Log It can be given an and can beexpiration date at any time.revoked



: pass the token in theAuthentication header as a Bearer token, in the formAuthorization .Authorization: Bearer pat_<tenantId>_<token> :Available scopes ,um:read , andum:write , which correspond to theum:bulk ,Read , andWrite options in the token dialog. A token can have one or more scopes. A request to an endpoint the token is not scoped for is rejected withRead and write .403 Forbidden : the available user management operations (read, write, and bulk), with example requests, responses, and error codes.Endpoints
Last updated on Jun 19, 2026