Project Access Tokens

Managing Project Access Tokens

What is an Access Token?

Access tokens are essential for enabling various data interactions within your Rollbar projects. Each project has its own unique set of access tokens, making them indispensable for routing data through different SDKs.

Scopes

You can find and administer your project access tokens in Project -> Settings -> Project Access Tokens. Project access tokens can have any or all of the following scopes:

| Scope | Description |
|---|---|
| post_server_item | Can perform all POST requests to /deploy/ and /item/. Can also be used to upload source maps (JS, proguard, dSym, flutter). |
| post_client_item | Can perform POST requests to /item/, but only if the item has a client-side platform (browser, mobile). |
| read | Can perform all GET requests. |
| write | Can perform PATCH and DELETE requests. |

New projects are created with four tokens, one with each scope. As client tokens often need to be embedded in publicly visible code (i.e. the HTML source of a page)

A good practice is to use a separate client-side token with post_client_item scope, which only permits event sending from client-side platforms.
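
One way to check this practice in a build step, as an added example that is not Rollbar's own code: scan the files you publish for project tokens and flag any whose scopes go beyond post_client_item. The 32-hex token pattern, the inventory layout, the function name and all sample values are assumptions constructed for illustration.

```python
import re

# Assumption: project tokens look like 32 lowercase hex characters.
TOKEN_RE = re.compile(r"\b[0-9a-f]{32}\b")
# The only scope the page recommends for publicly visible code.
CLIENT_SAFE = {"post_client_item"}

def audit_public_files(files, inventory):
    """Flag project tokens in published files that carry more than client scope.

    files: {path: text}; inventory: {token: {"name": str, "scopes": [str]}}
    (hypothetical layout; fill it from your own token list).
    """
    findings = []
    for path, text in sorted(files.items()):
        for lineno, line in enumerate(text.splitlines(), 1):
            for token in TOKEN_RE.findall(line):
                entry = inventory.get(token)
                if entry is None:
                    continue  # some other hex string, not a project token
                excess = sorted(set(entry["scopes"]) - CLIENT_SAFE)
                if excess:
                    findings.append({
                        "path": path,
                        "line": lineno,
                        "token": token[:4] + "...",  # never log the full token
                        "name": entry["name"],
                        "excess_scopes": excess,
                    })
    return findings

# Constructed sample data: none of these are real tokens.
SAMPLE_INVENTORY = {
    "11111111111111111111111111111111": {"name": "browser", "scopes": ["post_client_item"]},
    "22222222222222222222222222222222": {"name": "mixed", "scopes": ["post_client_item", "read"]},
    "33333333333333333333333333333333": {"name": "server", "scopes": ["post_server_item"]},
}
SAMPLE_FILES = {
    "dist/index.html": '<script>var cfg = {accessToken: "11111111111111111111111111111111"};</script>',
    "dist/app.js": '// build 9f8e7d6c5b4a39281706f5e4d3c2b1a0\nvar t = "22222222222222222222222222222222";',
    "dist/deploy.js": 'var deployToken = "33333333333333333333333333333333";',
}

if __name__ == "__main__":
    for f in audit_public_files(SAMPLE_FILES, SAMPLE_INVENTORY):
        print(f"{f['path']}:{f['line']} token {f['token']} ({f['name']}) "
              f"has non-client scopes: {', '.join(f['excess_scopes'])}")
```

A token that combines post_client_item with another scope is flagged as well, since a token can hold any or all of the four scopes.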

Editing and Configuring Tokens

Managing individual tokens is straightforward, and now we've added the ability to edit multiple tokens in bulk for convenience. You'll find various actions that can be performed for each token and options for bulk editing.

Individual Token Actions

Here's a brief rundown of the actions you can perform on each token:

| Action | Description |
|---|---|
| Edit | Allows you to update the token's configurations, such as title, scope, and rate limits. |
| Regenerate | Generates a new token while keeping the same configurations. The new token will inherit the 'Active' status. |
| Disable | Temporarily deactivates the token. The token's status will change to 'Disabled.' |
| Expire | Manually sets the token to an 'Expired' status. The token becomes inoperable but is kept for historical reference. |
| Delete | Permanently removes the token from the Rollbar platform. |

Bulk Editing

Bulk editing is a useful feature for managing multiple tokens at once. Select the checkboxes next to the tokens you want to edit to utilize this function. Once selected, an action menu will appear in the table's header, displaying available actions. It's worth noting that the collective status of the tokens selected will determine the options presented. For example, if you choose an 'Active' and an 'Expired' token, the 'Disable' action won't be available since expired tokens can't be disabled. However, actions like 'Delete' and 'Regenerate' will remain accessible since active and expired tokens can undergo these changes.

This new approach streamlines your token management process, making it easier to enact large-scale changes or quickly adjust to new requirements.

Rate Limiting

Rate Limit is only available for Paid Accounts

What is Rate Limiting?

Rate limiting is the mechanism that restricts the amount of data an access token can send to Rollbar within a specific time window. You can learn more by visiting our rate limiting documentation.

System-Defined Rate Limiting

Rollbar imposes a system-defined rate limit of 50,000 API requests per 1 minute, which acts as the upper boundary for data intake.

User-Defined Rate Limiting

Paid users can set their own rate limits, up to the system limit of 50,000 API requests per 1 minute. These can be customized for various time frames, including 1 minute, 5 minutes, 30 minutes, 1 hour, 1 day, 1 week, and 30 days.

Token Status

Understanding the status of your access tokens is crucial for effective project management and security. On the project access token page, you'll notice a 'Status' column color-coded to represent the current state of each token. We've introduced five key statuses to guide you:

Active

Active tokens are fully operational and can be employed for all authorized data interactions based on their scopes.

Disabled

If a token is compromised or being misused, it can be disabled. Once disabled, Rollbar will no longer accept data sent via this token and will return a 403 response code. You can disable a token via the context menu at the end of the token’s row in the table or by bulk-selecting multiple tokens. Disabled tokens can be re-enabled at any time.

Expiring Soon

A token with an ‘Expiring Soon’ status is still fully operational, just like an ‘Active’ token, but has an expiration date within one month. When the expiration date is reached, the token will get an ‘Expired’ status and become inoperable.

You cannot set token expiration dates; it is an internal Rollbar feature used in particular circumstances.

Expired

Tokens with an 'Expired' status are inoperable and cannot be reactivated or modified. They are retained in your project records primarily for historical reference. Expired tokens can also be easily regenerated if necessary, retaining their original configurations, such as scope and rate limits.

This feature offers a convenient way to manage your tokens effectively and avoid any potential issues that may arise during your project.

Token Regeneration

Single Token Regeneration

On the project access token page, each expired token has an option to regenerate it in its own row of the list. This feature regenerates that single token, duplicating the scope, title, and rate limit.

Project Regeneration

On the project access token page, if you have expired tokens, you'll notice an option to "Regenerate Expired Tokens." This feature allows you to regenerate all expired tokens related to that specific project. When a token is regenerated, it will inherit the original token's title, scope, and rate limits but with a new key to replace the expired one.

Account Regeneration

For a more comprehensive approach, Rollbar offers an account-level regeneration feature. On the project list page, a banner will be displayed that allows you to view a modal explaining the step-by-step process of regenerating all expired tokens across all projects within the account. After regenerating, you will be given the option to download a CSV file that contains the details of all newly regenerated tokens. This could be extremely helpful for updating SDKs in one go.