We’ve just added a new API Access Tokens section to your Buildkite user settings to help you manage API access 🚪 and security 🔐. You can now create new tokens as you need (each with their own limited set of permissions) as well as audit which tokens are currently being used and by whom.

The new API Access Token list

The new tokens are handy if you want to programatically trigger builds from your own scripts (say, via a cron task ⏰). Simply create a token with just the write_builds permission, limit it to the one account, and then pass the token to the Builds API in the access_token query parameter 👍🏼

Creating a new API Access Token

It’s now easy to rotate your API access tokens: simply create a new token, update your build scripts, and then revoke the old token.

If you’re currently using the API with your existing API token, don’t worry: it has been migrated to your API Access Tokens list (it has access to all permissions and all of your accounts, just as before). We’ve deprecated the old API authentication api_key parameter so be sure to change it to the new ✨ access_token parameter (see the API Authentication docs for all the details).