Personal API Tokens (PATs) on CircleCI now require an expiration date. All newly created tokens must have an expiry set, with a maximum validity of 1 year.
When creating a new Personal API Token you will be required to set an expiration date. This only applies to new tokens; existing Personal API Tokens created before today are not affected and will continue to work as before.
Long-lived tokens that never expire are a security risk. Requiring an expiration date limits the damage if a token is ever compromised and encourages regular credential rotation as a security best practice.
When creating new tokens going forward, you’ll need to specify an expiration date (max 1 year). We recommend reviewing your existing tokens and planning to rotate them with expiry dates set as part of your regular security practices.