Skip to main content
Last Reviewed: December 09, 2020

Creating and Revoking Machine Tokens

Learn how to create a machine token in order to use Terminus on your Drupal or WordPress site.

Machine tokens are used to uniquely identify your machine and securely authenticate via Terminus.

Machine tokens:

  • Provide the same access as your username and password
  • Do not expire
  • Can only be viewed when you’re creating it
  • Should be revoked when no longer used to help keep your account safe

Create a Machine Token

  1. Go to your Personal Settings and select Machine Tokens.

  2. Click Create Token.

  3. Enter a token name, and click Generate Token.

  4. Copy and save your machine token now, as you will not be able to view or edit it later.

  5. Click I understand to continue.

Machine token ready modal

Authenticate into Terminus

Use your token to authenticate into Terminus, replacing <[email protected]> and <machine_token>:

terminus auth:login --email=<[email protected]> --machine-token=<machine_token>

Machine tokens are keyed to the email address associated with your Pantheon user account. Once a token has been used to authenticate Terminus, future sessions are authenticated with your email address:

terminus auth:login --email <[email protected]>

Switch Between Multiple Pantheon User Accounts

Machine tokens are paired with the email address associated with your Pantheon user account, so you can easily switch between users.

Log in to another account by running:

terminus auth:login --email <[email protected]>

Revoke a Machine Token

For security purposes, we recommend removing tokens from your account when they are no longer used.

  1. Go to your Personal Settings and select Machine Tokens.

  2. Locate the token you want to delete, and click Revoke Token.

  3. Type Revoke, and click I understand the consequences. Revoke this token.

Benefits of Using Machine Tokens

  • Bot users with machine tokens can use Terminus to authenticate to and operate on Pantheon from a continuous integration (CI) server.

  • Users in organizations with SAML Single-Sign On (SSO) can authenticate with Terminus.


Microsoft Edge

Currently, machine tokens cannot be generated using Microsoft Edge browser. As a workaround, generate the token using Mozilla Firefox or Google Chrome, which has been tested as working on Windows 10.

Invalid Token Names

The following token names are not allowed, and will be automatically renamed to "Generic Feature Phone":

  • pantheon hud
  • pantheonHud
  • pantheon-hud

More Resources

The Ins and Outs of Token-Based Authentication