CodeAnt API tokens authenticate you to CodeAnt. Use one anywhere a CI pipeline or a script needs to talk to CodeAnt — coverage upload, automated scans, quality gates, or the REST API. A single CodeAnt token replaces the per-platform VCS access tokens (GitHub PAT, GitLab token, Bitbucket access token, Azure DevOps PAT) you previously pasted into pipelines. You create it once in CodeAnt and reuse it everywhere.
A CodeAnt token authenticates to CodeAnt, not to your Git provider. It always starts with the prefix cdt_ and is scoped to a single provider + organization.

Create a token

  1. Open CodeAnt AI and go to Settings → API tokens.
  2. Click Create token.
  3. Check the Bound to chip — it shows the provider and organization the token will belong to. Tokens are scoped to the workspace you’re currently in, so switch workspaces first if you need a token for a different organization.
  4. Give the token a descriptive name (for example ci-coverage or automation-token). Names can be up to 60 characters.
  5. Click Create token.
  6. Copy the token immediately. It starts with cdt_ and is shown only once — for security, the full value is never displayed again. Store it in your secret manager or CI secret store. CodeAnt only keeps the last 4 characters for identification.
If you lose a token, you can’t recover it — create a new one and revoke the old one.

Use a token

CI pipelines
Add the token to your pipeline as a secret, then pass it as the access-token input of the CodeAnt coverage, scan, or quality-gate step.

REST API
Send the token as a bearer token in the Authorization header:
export CODEANT_API_TOKEN=cdt_xxxxxxxxxxxx   # your CodeAnt token

curl https://api.codeant.ai/... \
  -H "Authorization: Bearer $CODEANT_API_TOKEN"

Manage and revoke tokens

Settings → API tokens lists every token for the current workspace, each showing a masked value (cdt_••••last4), the provider and organization it’s bound to, when it was created, and whether it’s Active or Revoked. To revoke a token, hover over it and click the trash icon, then confirm Delete token. Revocation is immediate and irreversible — any client still using that token loses access right away.
To rotate a token without downtime, create the new token first, update your CI secrets to use it, and only then revoke the old one.
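
A pre-flight step for the pipeline, added here as an example (not CodeAnt's own code): it rejects a missing, whitespace-damaged or wrong-prefix secret and prints only the cdt_••••last4 form, so the job log can be matched against Settings → API tokens before the old token is revoked during rotation. The function name, return codes, messages and the 8-character minimum are assumptions.

```shell
#!/bin/sh
# Added example (not CodeAnt's code): pre-flight check for a CI job.
# From the page: the cdt_ prefix and the masked form cdt_••••last4.
# Assumptions: function name, return codes, messages, 8-character minimum.

# Validate a token and print only its masked form; never print the secret.
codeant_token_preflight() {
  cdt_tok=$1
  if [ -z "$cdt_tok" ]; then
    echo "CodeAnt token is empty or the CI secret is not mapped" >&2
    return 2
  fi
  case $cdt_tok in
    *[[:space:]]*)
      # A stray newline from copy/paste corrupts the Authorization header.
      echo "CodeAnt token contains whitespace" >&2
      return 3 ;;
  esac
  case $cdt_tok in
    cdt_*) ;;
    *)
      # Likely a Git provider token pasted where the CodeAnt token belongs.
      echo "secret does not start with cdt_" >&2
      return 4 ;;
  esac
  cdt_body=${cdt_tok#cdt_}
  if [ "${#cdt_body}" -lt 8 ]; then
    # Assumed guard: with a very short body, last4 would expose most of it.
    echo "token body too short to mask safely" >&2
    return 5
  fi
  # Strip everything except the final four characters of the body.
  cdt_last4=${cdt_body#"${cdt_body%????}"}
  printf 'cdt_••••%s\n' "$cdt_last4"
}

# Constructed sample value, not a real token.
codeant_token_preflight "cdt_constructedSAMPLE0000a1b2"
```

In a real job, call it as codeant_token_preflight "$CODEANT_API_TOKEN" before the curl or upload step and fail the job on a non-zero return.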