Personal Access Tokens

Authenticate access to your own resources and those outside the scope of your apps

---

A Personal Access Token (usually shortened as PAT) is a kind of key that authenticates your connection to the Clarifai platform. It's not linked to a specific application.

A PAT represents you when accessing the Clarifai API. It's a powerful way of accessing your resources within the Clarifai platform.

You can use PATs to accomplish various tasks, including:

• Access multiple apps with a single key. This lets you access your own apps as well as any other apps you have permission to use, such as public apps, apps where you're added as a collaborator, or apps belonging to your organization's team.
• Create apps and app-specific keys programmatically through the API. This is crucial for programs that segregate the data of each of their end-users into different apps.

Note: PAT is the primary authentication mechanism we use. For example, when using a PAT to access a resource, you need to specify the user ID alongside the application ID of the owner of the resource you want to access — be it your own or for another user. If accessing your own resources, you specify your own user_id and app_id; if you don't own them, specify the owner's user_id and app_id.

PAT Versus API Key

A PAT allows you to make inferences on resources that are outside the scope of your apps. An API Key only allows you to access resources scoped to the app defined by that key. So, you can use an API Key to access your own resources, but not Clarifai's or other public resources.

How to Create a PAT on the Platform

A default PAT is automatically generated for you when you create an account on the Clarifai platform. Nonetheless, you can also create a new PAT explicitly on the platform.

To create it, log in to the platform, go to the top-right corner of the navigation bar, and open the drop-down menu.

Then, select the Security settings option in the drop-down list.

On the ensuing Security page, click the Create Personal Access Token button.

On the form that pops up, provide a short token description, set the scopes you want to apply, and click the Create Personal Access Token button.

You can find the new PAT listed in the Personal Access Token section, where you can copy, view, edit, or delete it.

note

• PATs do not expire. In case your PAT gets compromised, you should delete it, and create a new one with the same scopes.
• We recommend that you do not share your PAT with other users.

Set PAT as an Environment Variable

It's recommended to load your PAT from an environment variable. Keeping your PAT in a secrets manager, and not in the source code, improves its security and management.

Here is how you can set it as an environment variable.

Unix-Like Systems

 export CLARIFAI_PAT=YOUR_PERSONAL_ACCESS_TOKEN_HERE 

Windows

 set CLARIFAI_PAT=YOUR_PERSONAL_ACCESS_TOKEN_HERE 

Example

Here is an example of how to use a PAT to make a prediction request.

Python SDK

import os
from clarifai.client import Model

# Or, you can set the PAT as an environment variable instead of hardcoding it
os.environ["CLARIFAI_PAT"] = "YOUR_PAT_HERE"

# Initialize with model URL
model = Model(url="https://clarifai.com/qwen/qwenLM/models/Qwen3-30B-A3B-GGUF")

response = model.predict(prompt="What is the future of AI?")

print(response)

Python (gRPC)

##################################################################################################
# FOR SECURE AUTHENTICATION, SET PAT AS AN ENVIRONMENT VARIABLE
#################################################################################################

# The built-in Python os library provides functions to access and manipulate environment variables
import os

# Python-dotenv reads key-value pairs from a .env file and can set them as environment variables
# Install the library by running `pip install python-dotenv`
from dotenv import load_dotenv

load_dotenv()

# Set the `CLARIFAI_PAT` environment variable before running the code. For example, you can set it in an .env file as `export CLARIFAI_PAT=YOUR_PAT_HERE`
# Your PAT can be found in your Clarifai's account Security section

PAT = os.getenv('CLARIFAI_PAT')
if PAT is None:
    raise ValueError("PAT is not set. Please set the CLARIFAI_PAT environment variable.")

##################################################################################################
# In this section, we set the user ID, app ID, model details, and the URL
# of the image we want as an input. Change these strings to run your own example.
#################################################################################################

# Specify the correct user_id/app_id pairings
# Since you're making inferences outside your app's scope
USER_ID = 'clarifai'
APP_ID = 'main'
MODEL_ID = 'general-image-recognition'
# This is optional. You can specify a model version or the empty string for the default
MODEL_VERSION_ID = ''
IMAGE_URL = 'https://samples.clarifai.com/metro-north.jpg'

############################################################################
# YOU DO NOT NEED TO CHANGE ANYTHING BELOW THIS LINE TO RUN THIS EXAMPLE
############################################################################

from clarifai_grpc.channel.clarifai_channel import ClarifaiChannel
from clarifai_grpc.grpc.api import resources_pb2, service_pb2, service_pb2_grpc
from clarifai_grpc.grpc.api.status import status_code_pb2

channel = ClarifaiChannel.get_grpc_channel()
stub = service_pb2_grpc.V2Stub(channel)

metadata = (('authorization', 'Key ' + PAT),)

userDataObject = resources_pb2.UserAppIDSet(user_id=USER_ID, app_id=APP_ID)

post_model_outputs_response = stub.PostModelOutputs(
    service_pb2.PostModelOutputsRequest(
        user_app_id=userDataObject,  # The userDataObject is created in the overview and is required when using a PAT
        model_id=MODEL_ID,
        version_id=MODEL_VERSION_ID,  
        inputs=[
            resources_pb2.Input(
                data=resources_pb2.Data(
                    image=resources_pb2.Image(
                        url=IMAGE_URL
                    )
                )
            )
        ]
    ),
    metadata=metadata
)
if post_model_outputs_response.status.code != status_code_pb2.SUCCESS:
    print(post_model_outputs_response.status)
    raise Exception("Post model outputs failed, status: " + post_model_outputs_response.status.description)

# Since we have one input, one output will exist here
output = post_model_outputs_response.outputs[0]

print("Predicted concepts:")
for concept in output.data.concepts:
    print("%s %.2f" % (concept.name, concept.value))

# Uncomment this line to print the full Response JSON
#print(output)

cURL

curl -X POST "https://api.clarifai.com/v2/users/clarifai/apps/main/models/general-image-recognition/versions/aa7f35c01e0642fda5cf400f543e7c40/outputs" \
    -H "Authorization: Key YOUR_PAT_HERE" \
    -H "Content-Type: application/json" \
    -d '{
      "inputs": [
        {
          "data": {
            "image": {
              "url": "https://samples.clarifai.com/metro-north.jpg"
            }
          }
        }
      ]
    }'