Personal access tokens are used to authenticate developer applications in the Buddy API. With the last release, we have further fortified it with two new options: workspace domain restrictions and IP address restrictions.

A possible use case involves a DevOps engineer managing automation in their company's workspace using a personal access token. This means that members of that workspace can use that token to participate in the automation process. However, if our engineer works in several workspaces at once, there's a risk that users can use the token to access a workspace they to do not belong to. The new restrictions allow you to mitigate this.

To enable the restrictions, go to the API settings in your user profile and click the token that you want to adjust:

Check the field Access Restrictions to expand the details. Here you can define the workspaces and IP addresses allowed to use the token:

You can also define access to individual parts of the system with these scopes in the token details: