search
HelpLoginSign up for free

Personal Access Tokens

Personal access tokens (PATs) let you connect MCP clients to Jam without going through the OAuth flow. Instead of authorizing through a browser, you create a token in your Jam settings and paste it directly into your MCP client configuration.

Each token is scoped to a specific team, tied to your user account, and has a mandatory expiration date.

hashtag
Creating a token

  1. Go to Settings > Integrations > AI Agents

  2. Scroll to the Personal Access Tokens section

  3. Click Create token

  4. Fill in the details:

    • Name — A label to identify the token (e.g., "Cursor" or "Claude Code")

    • Expiration — How long the token is valid: 7 days, 30 days, 90 days, or 1 year

    • Scopes — The permissions the token needs (see Scopes below)

  5. Click Create

  6. Copy your token immediately — you won't be able to see it again

circle-exclamation

Store your token securely. Treat it like a password. Jam only stores a hash of the token, so there is no way to retrieve it after creation.

hashtag
Using a token with MCP clients

Use your PAT as a Bearer token when configuring MCP clients. Below are examples for popular clients.

hashtag
Claude Code

In your terminal:

hashtag
Cursor

Add to your MCP configuration:

hashtag
VS Code / Windsurf

Add to your mcp.json:

circle-info

PATs skip the OAuth browser authorization step entirely. This makes them ideal for headless environments or CI pipelines.

hashtag
Scopes

Scopes control what the token can do. Select only the scopes you need.

Scope
Description

mcp:read

View Jam details, logs, events, and network requests

mcp:write

Move Jams to folders and add comments

circle-info

You must select at least one scope when creating a token.

hashtag
Managing tokens

hashtag
Viewing your tokens

Go to Settings > Integrations > AI Agents to see all your personal access tokens for the current team. The list shows each token's name, scopes, last used date, and expiration status.

hashtag
Revoking a token

  1. Find the token in your token list

  2. Click the ... menu on the right

  3. Select Revoke token

  4. Confirm the revocation

triangle-exclamation

Revoking a token is permanent. Any MCP client using the token will immediately lose access.

hashtag
Expiration

All tokens have a mandatory expiration date. When creating a token, choose from:

  • 7 days — For short-lived tasks or testing

  • 30 days — For active development work

  • 90 days — For longer-running integrations

  • 1 year — For stable, long-term integrations

Expired tokens stop working automatically. Create a new token when one expires and update your MCP client configuration.

hashtag
Security best practices

  • Use short-lived tokens — Choose the shortest expiration that works for your use case

  • Limit scopes — Only grant the permissions the token actually needs

  • Never commit tokens — Store tokens in environment variables or your MCP client's secure credential storage, not in files checked into version control

  • One token per client — Create separate tokens for each MCP client so you can revoke them independently

  • Revoke immediately if compromised — If a token may have been exposed, revoke it right away and create a replacement

hashtag
Token format

Jam PATs follow a recognizable format:

The jam_pat_ prefix makes it easy to identify Jam tokens in your configuration and helps secret scanners detect accidental exposure.

PreviousMCPNextAsana

Last updated

Was this helpful?