> ## Documentation Index
> Fetch the complete documentation index at: https://docs.codeant.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# GitLab Access Token

> Create the GitLab access token CodeAnt AI uses to review merge requests.

<Note>
  The steps on this page are identical for **GitLab Cloud** and **self-hosted GitLab**. Substitute your own GitLab base URL where applicable.
</Note>

## Choose an access token type

CodeAnt AI supports three kinds of tokens. Pick whichever fits your organization best.

<CardGroup cols={3}>
  <Card title="Personal access token" icon="user">
    Issued from your own GitLab user. Fastest to set up, but reviews are attributed to you and access breaks if you leave the org.
  </Card>

  <Card title="Service-account PAT" icon="user-shield">
    **Recommended.** A PAT from a dedicated bot user like `codeant-ai-bot`. Clean attribution, easy to rotate, works on every GitLab tier.
  </Card>

  <Card title="Group access token" icon="users">
    Scoped to a single GitLab group and auto-creates a bot user. Requires GitLab Premium or Ultimate.
  </Card>
</CardGroup>

<Tip>
  We recommend a **service-account personal access token** unless you specifically need a group-scoped token. It works on every GitLab tier and gives you the cleanest separation of access.
</Tip>

### Best practices for the service account

If you go with a service account, set it up like a real user before generating the token:

* Create a new GitLab user with a name like `CodeAnt AI` and a dedicated email address.
* Add the service account to your group with **Maintainer** role on the projects you want reviewed.
* Generate the personal access token from inside the service-account session.

This keeps review comments attributed to the service account and lets you rotate or revoke access without touching individual developer accounts.

## Generate the access token

<Tabs>
  <Tab title="Personal / service-account PAT">
    Sign in as the user (your own account or the service account) and go to:

    **User settings** → **Access tokens** → **Add new token**

    Fill in the details:

    | Field           | Value                     |
    | --------------- | ------------------------- |
    | **Token name**  | `CodeAnt AI`              |
    | **Expiry date** | Ideally 1 year            |
    | **Scopes**      | `api`, `write_repository` |

    Click **Create personal access token** and copy the value before closing the page; GitLab won't show it again.

    <Warning>
      The token inherits whatever access the user has. Make sure the user (or service account) has at least **Maintainer** access to every project you want CodeAnt AI to review.
    </Warning>
  </Tab>

  <Tab title="Group access token">
    From the group's left sidebar:

    **Select group** → **Settings** → **Access tokens** → **Add new token**

    Fill in the details:

    | Field           | Value                     |
    | --------------- | ------------------------- |
    | **Token name**  | `CodeAnt AI`              |
    | **Expiry date** | Ideally 1 year            |
    | **Role**        | `Maintainer`              |
    | **Scopes**      | `api`, `write_repository` |

    Click **Create group access token** and copy the value before closing the page; GitLab won't show it again.

    <Note>
      Group access tokens are scoped to the group they were created in. If you have multiple top-level groups, generate one token per group.
    </Note>
  </Tab>
</Tabs>

<Warning>
  Set the expiry far enough out to cover your intended use. When the token expires, CodeAnt AI stops receiving merge requests until a new token is configured. CodeAnt AI will surface a warning in the sidebar before that happens.
</Warning>

## Save the token in CodeAnt AI

1. Sign in to [app.codeant.ai](https://app.codeant.ai) with GitLab.
2. Open **Settings** → **Configure Token**.
3. Click **Configure token** (or **Reconfigure** if you're replacing an existing one) and paste the access token you generated above.
4. Click **Save & Configure Webhooks**. CodeAnt AI scans your projects, lists the ones missing webhooks, and lets you select which to install — no manual webhook setup in GitLab is required for the default per-project flow.

Once webhooks are installed, CodeAnt AI starts reviewing merge requests on those projects. For the full PR review setup, see [PR Review – GitLab](/pull_request/gitlab/configuration).

## Rotating or replacing the token

When the token is close to expiring, or you need to revoke access:

1. Generate a new token in GitLab using the steps above.
2. In CodeAnt AI, open **Settings** → **Configure Token** and click **Reconfigure**.
3. Paste the new token and save. The old token can now be revoked in GitLab.

To remove CodeAnt AI's access entirely, click **Delete** on the same page, then revoke the token in GitLab.