Personal Access Tokens

Authenticate access to your own resources and those outside the scope of your apps

---

A Personal Access Token (usually shortened as PAT) is a kind of key that authenticates a user across all applications they have access to. It's not linked to a specific application.

A PAT represents you when accessing the Clarifai API. It's a powerful way of accessing your resources within the Clarifai platform.

You can use PATs to accomplish the following:

• Access multiple apps with a single key. This lets you access your own apps as well as any other apps you have permissions to use, such as public apps, apps where you're added as a collaborator, or apps belonging to your organization's team.
• Create apps and app-specific keys programmatically through the API. This is crucial for programs that segregate the data of each of their end-users into different apps.

info

• PAT is the primary authentication mechanism we use.
• When using a PAT, you need to specify the user ID alongside the application ID of the owner of the resource you want to access — be it your own or for another user. If accessing your own resources, you specify your own user_id and app_id; if you don't own them, specify the owner's user_id and app_id.

PAT Versus API Key

A PAT allows you to make inferences on resources that are outside the scope of your apps. An API Key only allows you to access resources scoped to the app defined by that key. So, you can use an API Key to access your own resources, but not Clarifai's or other public resources.

How to Create a PAT on the Platform

A default PAT is automatically generated for you when you create an account on the Clarifai platform. Nonetheless, you can also create a new PAT explicitly on the platform.

To create it, log in to the platform, navigate to the upper-right section of the navigation bar, and click your user’s profile icon.

Select the Security settings option in the drop-down list.

On the ensuing Security page, click the Create Personal Access Token button.

On the form that pops up, provide a short token description, set the scopes you want to apply, and click the Confirm button.

You can find the new PAT listed on the Personal Access Token section, where you can copy it to the clipboard, edit it, or delete it.

note

• PATs do not expire. In case your PAT gets compromised, you should delete it, and create a new one with the same scopes.
• We recommend that you do not share your PAT with other users.

How to Use a PAT Example

Here is an example of how to use a PAT to make a prediction request from Clarifai's general-image-recognition model.

Note that you need to specify the resource owner's user_id and app_id in the UserAppIDSet, if making a gRPC call, or in the URL, if making a REST call.

Set PAT as an Environment Variable

It's a good practice to load your PAT from an environment variable. Keeping your PAT in a secrets manager, and not in the source code, improves its security and management.

Python

##################################################################################################
# FOR SECURE AUTHENTICATION, SET PAT AS AN ENVIRONMENT VARIABLE
#################################################################################################

# The built-in Python os library provides functions to access and manipulate environment variables
import os

# Python-dotenv reads key-value pairs from a .env file and can set them as environment variables
# Install the library by running `pip install python-dotenv`
from dotenv import load_dotenv

load_dotenv()

# Set the `CLARIFAI_PAT` environment variable before running the code. For example, you can set it in an .env file as `export CLARIFAI_PAT=YOUR_PAT_HERE`
# Your PAT can be found in your Clarifai's account Security section

PAT = os.getenv('CLARIFAI_PAT')
if PAT is None:
    raise ValueError("PAT is not set. Please set the CLARIFAI_PAT environment variable.")

##################################################################################################
# In this section, we set the user ID, app ID, model details, and the URL
# of the image we want as an input. Change these strings to run your own example.
#################################################################################################

# Specify the correct user_id/app_id pairings
# Since you're making inferences outside your app's scope
USER_ID = 'clarifai'
APP_ID = 'main'
MODEL_ID = 'general-image-recognition'
# This is optional. You can specify a model version or the empty string for the default
MODEL_VERSION_ID = ''
IMAGE_URL = 'https://samples.clarifai.com/metro-north.jpg'

############################################################################
# YOU DO NOT NEED TO CHANGE ANYTHING BELOW THIS LINE TO RUN THIS EXAMPLE
############################################################################

from clarifai_grpc.channel.clarifai_channel import ClarifaiChannel
from clarifai_grpc.grpc.api import resources_pb2, service_pb2, service_pb2_grpc
from clarifai_grpc.grpc.api.status import status_code_pb2

channel = ClarifaiChannel.get_grpc_channel()
stub = service_pb2_grpc.V2Stub(channel)

metadata = (('authorization', 'Key ' + PAT),)

userDataObject = resources_pb2.UserAppIDSet(user_id=USER_ID, app_id=APP_ID)

post_model_outputs_response = stub.PostModelOutputs(
    service_pb2.PostModelOutputsRequest(
        user_app_id=userDataObject,  # The userDataObject is created in the overview and is required when using a PAT
        model_id=MODEL_ID,
        version_id=MODEL_VERSION_ID,  
        inputs=[
            resources_pb2.Input(
                data=resources_pb2.Data(
                    image=resources_pb2.Image(
                        url=IMAGE_URL
                    )
                )
            )
        ]
    ),
    metadata=metadata
)
if post_model_outputs_response.status.code != status_code_pb2.SUCCESS:
    print(post_model_outputs_response.status)
    raise Exception("Post model outputs failed, status: " + post_model_outputs_response.status.description)

# Since we have one input, one output will exist here
output = post_model_outputs_response.outputs[0]

print("Predicted concepts:")
for concept in output.data.concepts:
    print("%s %.2f" % (concept.name, concept.value))

# Uncomment this line to print the full Response JSON
#print(output)

cURL

curl -X POST "https://api.clarifai.com/v2/users/clarifai/apps/main/models/general-image-recognition/versions/aa7f35c01e0642fda5cf400f543e7c40/outputs" \
    -H "Authorization: Key YOUR_PAT_HERE" \
    -H "Content-Type: application/json" \
    -d '{
      "inputs": [
        {
          "data": {
            "image": {
              "url": "https://samples.clarifai.com/metro-north.jpg"
            }
          }
        }
      ]
    }'