Skip to main content
The steps on this page are identical for GitLab Cloud and self-hosted GitLab. Substitute your own GitLab base URL where applicable.

Choose an access token type

CodeAnt AI supports three kinds of tokens. Pick whichever fits your organization best.

Personal access token

Issued from your own GitLab user. Fastest to set up, but reviews are attributed to you and access breaks if you leave the org.

Service-account PAT

Recommended. A PAT from a dedicated bot user like codeant-ai-bot. Clean attribution, easy to rotate, works on every GitLab tier.

Group access token

Scoped to a single GitLab group and auto-creates a bot user. Requires GitLab Premium or Ultimate.
We recommend a service-account personal access token unless you specifically need a group-scoped token. It works on every GitLab tier and gives you the cleanest separation of access.

Best practices for the service account

If you go with a service account, set it up like a real user before generating the token:
  • Create a new GitLab user with a name like CodeAnt AI and a dedicated email address.
  • Add the service account to your group with Maintainer role on the projects you want reviewed.
  • Generate the personal access token from inside the service-account session.
This keeps review comments attributed to the service account and lets you rotate or revoke access without touching individual developer accounts.

Generate the access token

Sign in as the user (your own account or the service account) and go to:User settingsAccess tokensAdd new tokenFill in the details:
FieldValue
Token nameCodeAnt AI
Expiry dateIdeally 1 year
Scopesapi, write_repository
Click Create personal access token and copy the value before closing the page; GitLab won’t show it again.
The token inherits whatever access the user has. Make sure the user (or service account) has at least Maintainer access to every project you want CodeAnt AI to review.
Set the expiry far enough out to cover your intended use. When the token expires, CodeAnt AI stops receiving merge requests until a new token is configured. CodeAnt AI will surface a warning in the sidebar before that happens.

Save the token in CodeAnt AI

  1. Sign in to app.codeant.ai with GitLab.
  2. Open SettingsConfigure Token.
  3. Click Configure token (or Reconfigure if you’re replacing an existing one) and paste the access token you generated above.
  4. Click Save & Configure Webhooks. CodeAnt AI scans your projects, lists the ones missing webhooks, and lets you select which to install — no manual webhook setup in GitLab is required for the default per-project flow.
Once webhooks are installed, CodeAnt AI starts reviewing merge requests on those projects. For the full PR review setup, see PR Review – GitLab.

Rotating or replacing the token

When the token is close to expiring, or you need to revoke access:
  1. Generate a new token in GitLab using the steps above.
  2. In CodeAnt AI, open SettingsConfigure Token and click Reconfigure.
  3. Paste the new token and save. The old token can now be revoked in GitLab.
To remove CodeAnt AI’s access entirely, click Delete on the same page, then revoke the token in GitLab.