Skip to main content

Documentation Index

Fetch the complete documentation index at: https://radarhq.io/docs/llms.txt

Use this file to discover all available pages before exploring further.

Personal access tokens (PATs) are per-user bearer credentials. They’re how Cloud authenticates non-browser clients - MCP-aware AI tools (Claude Desktop, Cursor, Claude Code, Codex) and CI scripts hitting the API. PATs:
  • Are per user, per org (pinned at mint time).
  • Carry the user’s role and identity into the request - just like a browser session would.
  • Are revealed once at mint and stored only as a SHA-256 hash on the Hub.
  • Can be revoked instantly.
  • Show up in the audit log on create / use / revoke.

Mint a PAT

Settings → Tokens → New token.
  • Name it something memorable (Claude Desktop on laptop, CI: prod-snapshot).
  • Optionally set an expiry (no default; tokens with no expiry remain valid until revoked).
  • Click Generate.
The token starts with rhp_ and is shown once. Copy it now - you cannot retrieve it later.

Use it - AI clients

The Connect an AI client wizard auto-fills the snippet for the tool you pick. The shape, generically: 
{
  "mcpServers": {
    "radar-prod": {
      "type": "http",
      "url": "https://api.radarhq.io/c/<cluster_id>/mcp",
      "headers": { "Authorization": "Bearer rhp_..." }
    }
  }
}
For full setup snippets (Claude Code, Claude Desktop, Cursor, Windsurf, VS Code, Cline, JetBrains, Codex, Gemini), see AI via MCP.

Use it - HTTP API

curl -H "Authorization: Bearer rhp_..." \
  https://api.radarhq.io/c/<cluster_id>/api/topology
Anything you can do in the UI you can do with a PAT - constrained by your role and your org’s RBAC.

Org pinning

A PAT is bound to one org at mint time, even if the user belongs to multiple. This makes audit trails clean (you know which org a token can act in) and keeps “switch org” semantics out of the MCP / CI surface area. If you need access to multiple orgs, mint one PAT per org.

Rotate

There’s no “rotate in place” - mint a new token, update the consumer, then revoke the old one. The Tokens page lets you see active tokens with their last-used timestamp so you can find stale ones.

Revoke

Settings → Tokens → ⋯ → Revoke. Effective immediately. The next API call from any client using that token returns 401. Revoking emits a pat.revoked audit event.

When a member is removed

If you remove a member from your org, all of their PATs scoped to that org are revoked atomically. PATs they minted in other orgs are unaffected.

Visibility

A user can see and revoke their own PATs. Owners can see, in the audit log, when a PAT was minted by which member, and any subsequent rotations or revocations.

See also