Project Access Tokens

Managing Project Access Tokens

What is an Access Token?

Access tokens are essential for enabling various data interactions within your Rollbar projects. Each project has its own unique set of access tokens, making them indispensable for routing data through different SDKs.


You can find and administer your project access tokens in Project -> Settings -> Project Access Tokens. Project access tokens can have any or all of the following scopes:

post_server_item: Can perform all POST requests to /deploy/ and /item/. Can also be used to upload source maps (JS, proguard, dSym, flutter).
post_client_item: Can perform POST requests to /item/, but only if the item has a client-side platform (browser, mobile).
read: Can perform all GET requests.
write: Can perform PATCH and DELETE requests.

New projects are created with four tokens, one with each scope. As client tokens often need to be embedded in publicly visible code (i.e. the HTML source of a page)


A good practice is to use a separate client-side token with post_client_item scope, which only permits event sending from client-side platforms.
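
An added example (not Rollbar's code): a local Python model of the four scopes as listed above, plus an audit that flags tokens embedded in public code that carry anything beyond post_client_item. The token inventory, its field names, and the exact path matching are assumptions made for illustration; source map uploads are not modelled because the page gives no path for them.

```python
# Added example: models the four scopes as this page describes them.
# Token titles and the "embedded_in_client" field are constructed sample data.

CLIENT_PLATFORMS = {"browser", "mobile"}  # client-side platforms named on the page


def scope_allows(scope, method, path, platform=None):
    """Return True if a single scope permits the request, per the scope list."""
    method = method.upper()
    if scope == "post_server_item":
        return method == "POST" and path in ("/deploy/", "/item/")
    if scope == "post_client_item":
        return method == "POST" and path == "/item/" and platform in CLIENT_PLATFORMS
    if scope == "read":
        return method == "GET"
    if scope == "write":
        return method in ("PATCH", "DELETE")
    return False  # unknown scope: deny by default


def token_allows(scopes, method, path, platform=None):
    """A token may hold any or all scopes; any matching scope grants access."""
    return any(scope_allows(s, method, path, platform) for s in scopes)


def audit(tokens):
    """Flag tokens shipped in public code that carry more than post_client_item."""
    findings = []
    for tok in tokens:
        extra = sorted(set(tok["scopes"]) - {"post_client_item"})
        if tok["embedded_in_client"] and extra:
            findings.append((tok["title"], extra))
    return findings


# Constructed inventory (titles only, no real token values).
INVENTORY = [
    {"title": "web-frontend", "scopes": ["post_client_item"], "embedded_in_client": True},
    {"title": "legacy-widget", "scopes": ["post_client_item", "read", "write"],
     "embedded_in_client": True},
    {"title": "ci-deploy", "scopes": ["post_server_item"], "embedded_in_client": False},
]

if __name__ == "__main__":
    for title, extra in audit(INVENTORY):
        print(f"{title}: remove scopes {extra} or move this token out of client code")
```
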


Each token can also be configured in the following ways:

Title: A title can be added for easy identification.
Scope: Depending on the token's intended use, you can modify the scope.
User-Defined Rate Limit: Custom rate limits can be set if you're a paid user.
Disabling or Deleting: Tokens can be easily disabled or deleted as needed.

Rate Limiting


Rate Limit is only available for Paid Accounts

What is Rate Limiting?

Rate limiting is the mechanism that restricts the amount of data an access token can send to Rollbar within a specific time window. You can learn more by visiting our rate limiting documentation.

System-Defined Rate Limiting

Rollbar imposes a system-defined rate limit of 50,000 API requests per 1 minute, which acts as the upper boundary for data intake.

User-Defined Rate Limiting

Paid users can set their own rate limits, up to the system limit of 50,000 API requests per 1 minute. These can be customized for various time frames, including 1 minute, 5 minutes, 30 minutes, 1 hour, 1 day, 1 week, and 30 days.

Disabling Tokens

If a token is compromised or being misused, it can be disabled. Once disabled, Rollbar will no longer accept data sent via this token and will return a 403 response code. You can disable a token by clicking the edit button and selecting the disabled checkbox. Disabled tokens will be displayed in a separate list with the ability to configure or re-enable tokens.

Expired Tokens

An expired token is an access token that can no longer be used to interact with the Rollbar platform. Unlike other tokens, expired tokens can neither be re-enabled nor have their configurations modified. However, they can be regenerated or deleted based on the user's requirements.

Single Token Regeneration

On the project access token page, if you have expired tokens, each expired token's list entry shows an option to regenerate it. This feature regenerates that single token, duplicating the scope, title, and rate limit.

Project Regeneration

On the project access token page, if you have expired tokens, you'll notice an option to "Regenerate Expired Tokens." This feature allows you to regenerate all expired tokens related to that specific project. When a token is regenerated, it will inherit the original token's title, scope, and rate limits but with a new key to replace the expired one.

Account Regeneration

For a more comprehensive approach, Rollbar offers an account-level regeneration feature. On the project list page, a banner will be displayed that allows you to view a modal explaining the step-by-step process of regenerating all expired tokens across all projects within the account. After regenerating, you will be given the option to download a CSV file that contains the details of all newly regenerated tokens. This could be extremely helpful for updating SDKs in one go.