Administration

Personal Access Tokens

Personal access tokens (PATs) let you authenticate to Driver's API and MCP server as yourself, without going through a browser-based login. Use a PAT when you want to script against Driver, run CLI workflows, or connect Driver's MCP server from a tool that doesn't support OAuth.

Note: Any organization member can create a personal access token, as long as your administrator has enabled them for the organization. Navigate to Settings > Access Tokens to get started.

Creating a Personal Access Token

  1. Open the Access Tokens page — Go to Settings > Access Tokens in the Driver web app. The Personal tab is selected by default.
  2. Click Create Token — Enter a Name (must be unique among your own tokens) and select an Expiration period: 30 days, 90 days, 180 days, or 365 days. Your administrator may restrict the maximum expiration available to your organization.
  3. Copy the token — The full token is displayed once. Copy it and store it securely. After you close the dialog, only the key prefix (e.g., drvp_aB3xK7...) is visible. The full token cannot be retrieved again.

Warning: Treat your personal access token like a password. Never commit it to source control or share it. If a token is exposed, delete it immediately and create a new one.

Personal access tokens authenticate as you. They inherit your organization role and access to sources — anything you can do in Driver, the token can do.

Using the Token

Personal access tokens start with the drvp_ prefix. Use the token in the Authorization header when connecting to Driver's MCP server:

bash
Authorization: Bearer drvp_your_token_here

For MCP client configuration, add the token to the headers:

json
{
  "mcpServers": {
    "driver-mcp": {
      "type": "http",
      "url": "https://api.us1.driverai.com/mcp/v1",
      "headers": {
        "Authorization": "Bearer drvp_your_token_here"
      }
    }
  }
}

Tip: The examples above show the token inline for clarity. As a best practice, keep your token out of any configuration file you commit to source control. Different MCP clients support different approaches for managing secrets such as input variables and environment variable expansion. See your client's documentation for the recommended way to inject the token.

Note: The URL above is for Driver's shared multi-tenant environment. If your organization uses a single-tenant deployment, your URL will follow the format https://api.<tenant>.driverai.com/mcp/v1. Check with your Driver admin for the correct URL.

Token Lifecycle

Expiration

Personal access tokens always expire — you choose 30, 90, 180, or 365 days at creation. There is no "never expires" option, by design. Driver sends email reminders as the expiration date approaches and again once a token has expired so you have time to rotate.

Rotating a Token

Personal access tokens cannot be regenerated in place. To rotate a token, create a new one, update your integration to use the new key, and then delete the old token.

Monitoring Usage

The Last Used column on the Personal tab shows when each token last authenticated. Use this to identify tokens that are no longer in use and can safely be deleted.

Deleting a Token

Find the token in the Personal tab of Settings > Access Tokens, click the trash icon next to it, and confirm. Deletion is immediate — the token can no longer authenticate to Driver and is removed from your token list.

Personal access tokens are scoped to you and your organization. If you leave the organization, your tokens stop working automatically.

Administrator Controls

Org Admins can manage personal access tokens for the organization at Settings > Organization, under the Personal Access Tokens section.

Enable or Disable Personal Access Tokens

Toggle Allow members to create personal access tokens for API authentication to enable or disable PATs for your organization. When disabled, members cannot create new tokens and existing tokens stop authenticating immediately. Re-enabling restores any tokens that have not expired or been individually deleted.

Maximum Token Expiration

Use the Maximum Token Expiration dropdown to cap how long any new personal access token can live. Options are 30 days, 90 days, 180 days, or 365 days. Changing this setting applies to new tokens only — existing tokens are not affected.