Creating an Access Token

To upload packages or install private ones via the pckgs.io UI client within Unity Editor, you’ll need an access token. This token securely authenticates your client with pckgs.io without using your personal login credentials.

Access tokens are stored directly on your device by the Unity UI Client, and they automatically apply to all Unity projects you open on that device. This means your tokens have no relation to specific Unity project files, so you never have to worry about accidentally pushing them to version control.

Understanding Access Token Permissions

• Inherited Permissions: A token’s permissions are restricted to what its owner (you) can do in each organization it’s given access to. For example, if you only have read access to Organization A, a token you create for Organization A will also only have read access, even if you grant it write permission.
• Permission Specificity: When a token has conflicting permissions, the most specific rule overrides broader ones. For instance, if a token can ‘read all packages’ but is explicitly denied access to a particular package, the specific denial will be enforced, allowing fine-grained control over individual resources.
• Allowed Operations: For security, tokens only allow reading and writing (uploading/publishing) packages. They cannot delete packages or organizations.

It’s a best practice to grant the least privilege necessary for the token’s task.

---

Prerequisites

Before creating an access token, you must have:

• A registered pckgs.io user account. (If you don’t have one, see Creating An Account & Signing In).
• You must be at least a member of one organization on pckgs.io. (If you need to create one, see Creating an Organization).

---

How to Create an Access Token

1. Once you’re signed in, go to Create Access Token Page.
2. Fill in Access Token Details

• Token Name *

  A unique name for this token

  Enter a unique name for this access token to clearly identify its purpose among your other tokens.

• Description (optional)

  You may provide optional notes or context about the token’s usage for future reference.

• Expiration (optional)

  Select

  Setting an optional expiration date enhances security by automatically invalidating the token, reducing indefinite risk if compromised. If no date is set, the token will never expire and must be manually revoked. For automated or short-term usages, setting an expiration is highly recommended.

• Organization Accesses

  No Organization Selected

  This section allows you to define which of your organizations your access token can interact with. By default, no organizations are selected for the token. To grant access, click the plus (+) button to select from the organizations you are a member of. Once an organization is added to the list, you can then configure the specific package access permissions (e.g., read, write) that this token will have within that particular organization. This data can be edited any time after creating the token.

3. Review all the details you've entered and click the Create button at the bottom of the page.
4. Your access token has been successfully created and is now ready for use.

Important: Your access token will be displayed ONLY ONCE. Copy it immediately and store it in a secure location. If you lose this token you will need to delete it and create a new one.