Skip to main content
API tokens authenticate your requests to the Sentry REST API. There are two kinds of tokens depending on your use case.

User auth tokens

User auth tokens are tied to your personal Sentry account. Any API call made with a user auth token acts with the same permissions you have in Sentry.

Creating a user auth token

1

Open auth token settings

Go to Settings > Auth Tokens in the Sentry web UI, or navigate directly to sentry.io/settings/auth-tokens/.
2

Create a new token

Click Create New Token. Give the token a descriptive name so you can identify it later.
3

Select scopes

Choose the minimum scopes your integration needs. You cannot add scopes to a token after it is created.
4

Save the token

Copy the token value immediately — Sentry only shows it once. Store it securely.
User auth tokens are prefixed with sntryu_.

Internal integration tokens

Internal integration tokens are scoped to an organization rather than a personal account. They are ideal for automated workflows, CI/CD pipelines, and server-to-server integrations that should not depend on any individual user’s account.

Creating an internal integration token

1

Open integrations settings

Go to Settings > Developer Settings > Internal Integrations for your organization.
2

Create an integration

Click Create New Integration. Give the integration a name and description.
3

Configure permissions

Set the permissions (scopes) the integration requires. These are equivalent to the token scopes described below.
4

Install the integration

Save the integration. Sentry generates a token automatically on installation.
5

Copy the token

Copy the token from the integration details page. Store it securely.

Token scopes

Each token is granted one or more scopes. A token can only perform operations allowed by its scopes.
ScopeWhat it allows
org:readList organizations, view members, and read organization settings
org:writeUpdate organization settings and configuration
org:adminFull organization administration, including deletion
project:readView projects and their configuration
project:writeCreate projects and update their settings
project:adminDelete projects and manage DSN keys
project:releasesCreate releases, upload source maps, and create deploys
team:readView teams and team membership
team:writeCreate teams and add or remove members
team:adminDelete teams
event:readView issues and raw events
event:writeUpdate issue status, assignee, and other attributes
event:adminDelete issues and events
member:readView organization members and their roles
member:writeInvite members and change member roles
alerts:readView alert rules
alerts:writeCreate, update, and delete alert rules

Revoking tokens

User auth tokens: Go to Settings > Auth Tokens, find the token, and click Revoke. Internal integration tokens: Go to Settings > Developer Settings > Internal Integrations, open the integration, and revoke or rotate the token from there. Revoking a token immediately invalidates it. Any API call using a revoked token receives a 401 Unauthorized response.

Security best practices

Never commit tokens to source control. If you accidentally expose a token, revoke it immediately and generate a new one.
  • Store tokens in environment variables or a secrets manager (such as AWS Secrets Manager, HashiCorp Vault, or GitHub Actions secrets).
  • Grant the minimum scopes required — avoid using org:admin when org:read is sufficient.
  • Use internal integration tokens for automation rather than personal user auth tokens, so access is not tied to any one person’s account.
  • Rotate tokens periodically and after team member offboarding.
  • Audit active tokens regularly in Settings > Auth Tokens and remove any that are no longer needed.

Using a token in your environment

# Store the token in your environment
export SENTRY_AUTH_TOKEN=sntryu_YOUR_TOKEN_HERE

# Use it in curl requests
curl https://sentry.io/api/0/organizations/ \
  -H "Authorization: Bearer $SENTRY_AUTH_TOKEN"

Build docs developers (and LLMs) love

Get started for freeTalk to us