The Qoder Cloud Agents API authenticates via PAT (Personal Access Token). Every API request must carry a valid PAT in the HTTP header.
Pass the PAT in the
Full request example:
We recommend storing the PAT as an environment variable instead of hard-coding it:
How to get a PAT
- Sign in to the Qoder CN console.
- Go to Settings > API Tokens.
- Click Create Token, then set a name and permission scopes.
- Copy the generated token (shown only once, keep it safe).
A PAT uses the
pt- prefix, for example pt-your-token-here. Never commit tokens to source control or share them publicly.Bearer header format
Pass the PAT in the Authorization header of every request using the Bearer scheme:
Environment variable configuration (recommended)
We recommend storing the PAT as an environment variable instead of hard-coding it:
Security best practices
- Create separate PATs for different environments (development / testing / production).
- Rotate tokens on a regular schedule.
- Grant tokens only the scopes they actually need (least privilege).
- Immediately revoke any compromised token from the console.