# Obtain Personal Access Token

Personal Access Tokens are an alternative to the regular OAuth Tokens (generated using different type of OAuth Grants). Both types of token allow access to Luxstay API. The main difference lies in the method of acquiring the access token. With regular OAuth, you authorize an application to communicate with Luxstay API on your behalf. On the other hand, with Personal Access Tokens you are in charge of requesting for the credentials to the API, and those credentails are managed by your own.

OAuth applications allow multiple users to authenticate against Luxstay API in order for your app to use the issued token. Personal Access Tokens are tied to a single user account. Personal Access Tokens can be used to experiment with the API or may serve as a simpler approach to issuing access tokens in general. Personal Access Tokens are always long-lived (long TTL) unlike the regular access tokens generated from OAuth Grants.

You may generate Personal Access Tokens using a Web UI by going to your dashboard. To create new token, you just need to provide a name and a list of scopes. Make sure you copy and store the newly generated token somewhere or you won't be able to see it again.

Personal Access Tokens act like your passwords. Anyone getting them could use them to request the Luxstay API on your behalf, so you should make sure to secure them. Do not hard-code tokens on code or push them to VCS.