# Authentication

Specify use a Personal Access Token for the authentication. You can create it from the [dedicated page on the web app](https://specifyapp.com/user/personal-access-tokens). Once you have a personal access token, you can use it in two ways:

### Environment variable *(recommended)*

You can use the environment variable named `SPECIFY_PAT`

```bash
SPECIFY_PAT=xxxxxxxxxxxxxxxxxx specify pull
```

### Flag

If you prefer a flag, you can use `--personal-access-token` or `-p`

```bash
specify --personal-access-token xxxxxxxxxxxxxxxxxx pull
```

### Configuration file *(not recommended)*

You can also write the personal access token directly in the config file.

{% hint style="info" %}
The personal access token in a config file is useful if you need to execute some custom business logic. To stay safe, you should use a library like [`dotenv`](https://github.com/motdotla/dotenv) to store credentials outside of the code.
{% endhint %}

{% tabs %}
{% tab title="JSON" %}

```json
{
    "repository": "<@your-organization/your-repository-name>"
    "version": "2",
    "personalAccessToken": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    "rules": []
}
```

{% endtab %}

{% tab title="JavaScript (CommonJS)" %}

```javascript
module.export = {
  repository: '<@your-organization/your-repository-name>'
  version: '2',
  personalAccessToken: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
  rules: []
}
```

{% endtab %}

{% tab title="JavaScript (ESM)" %}

```javascript
export default {
  repository: '<@your-organization/your-repository-name>'
  version: '2',
  personalAccessToken: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
  rules: []
}
```

{% endtab %}

{% tab title="Typescript" %}

```typescript
import type { SpecifyCLIConfigurationV2File } from '@specifyapp/sdk/bulk"'

const config: SpecifyCLIConfigurationV2File = {
  repository: '<@your-organization/your-repository-name>',
  version: '2',
  personalAccessToken: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
  rules: []
}

export default config;
```

{% endtab %}
{% endtabs %}

If multiple credentials are used together, Specify will choose following this order:

1. the flag
2. the configuration file
3. the environment variable