Generate Service Account Credentials and API Tokens for Projects
How to generate a username and password for service account and generate a new project token and API secret across all project ids ?
How to generate a username and password for service account and generate a new project token and API secret across all project ids ?
Hi event, Please stand by as I search the Mixpanel knowledge base for an AI-powered answer. I normally take about 15 seconds or so. In case AI cannot answer your question, feel free to reach out to Mixpanel support at mixpanel.com/get-support. If you have follow-up questions for this thread, please tag me again with your question: @kapa.ai <follow-up question> 👋
Feel free to ask a follow-up question once I've answered by mentioning me with @kapa.ai
Short answer: - Service account username/secret: Create a service account at the org or via API; Mixpanel returns the username and the secret (token) once—store it immediately. You can then add it to projects with roles. [Service Accounts; Create Service Account] - Project Token: View in each project’s Access Keys in Project Settings. Tokens can’t be self-reset; contact Support to rotate. [Managing Projects] - API Secret: View in each project’s Access Keys; can be reset per project from Personal Settings → Projects → Your Projects → Reset. [Managing Projects]Details and how-tos: 1) Create a service account (gets username + secret) - UI: Organization Settings → Service Accounts → Create. You’ll choose project access/roles; the secret is shown once—save it. [Service Accounts] - API: POST /organizations/{organizationId}/service-accounts with body { "username": "...", optional "projects": <<https://github.com/mixpanel/docs/raw/main/openapi/src/service-accounts.openapi.yaml%7C>{ "id": <project_id/, "role": "admin|analyst|..." }], "expires": ... }. Response includes the service account id, username, and a token (secret). Store the token securely; it cannot be recovered. [[Create Service Account> ] - Add to more projects later: POST /organizations/{organizationId}/service-accounts/add-to-project with service_account_ids and projects [{id, role}]. [Add to projects]2) Authenticate with the service account - Use HTTP Basic Auth with username:secret for Mixpanel APIs that require it. [Service Accounts]3) Get or rotate project tokens and API secrets across projects - Project Token: - Where to find: Project Settings → Access Keys in each project. [Managing Projects] - Rotation: Tokens cannot be reset programmatically or self-served; contact Mixpanel Support to reset. There’s no doc for a bulk/all-projects token rotation API. [Managing Projects] - API Secret:
- Where/How to reset: Personal Settings → Projects → Your Projects → Reset (per project). The docs do not describe an API to reset all projects’ API secrets in bulk. [Managing Projects]What’s not in the docs: - There’s no documented endpoint to bulk-generate new project tokens or API secrets across all project IDs. - Service Accounts API OpenAPI snippets show request/response shapes but list “This operation does not require authentication,” which is likely a spec omission; separate docs state you must be Owner/Admin to manage service accounts. [Service Accounts API overview]If you share your organization ID and the list of project IDs/desired roles, I can draft exact API request bodies to create the service account and add it to all projects.
kapa.ai is still learning and improving, please let me know how I did by reacting below.
ℹ️ Tip: Mention @kapa.ai in the thread for follow-ups or DM the app for 1-to-1 help.
Let me check the knowledge base for you again. One moment! 📚
Short answer: Yes—access is managed per project. Remove the user/service account’s membership (or team grant) from the project you want to restrict.Ways to remove access: - Remove the user/service account from the project in Project Settings → Project Users. This only affects that project. [Overview] - If access is granted via a Team, remove the project from the Team’s assignments or remove the user/service account from the Team; only Org Owners/Admins can remove team-granted access. [Overview; Teams] - For service accounts, you can also remove them from projects via API: POST /organizations/{organizationId}/service-accounts/remove-from-project with the target project IDs and service_account_ids. [Remove from projects]
kapa.ai is still learning and improving, please let me know how I did by reacting below.
ℹ️ Tip: Mention @kapa.ai in the thread for follow-ups or DM the app for 1-to-1 help.
Let me check the knowledge base for you again. One moment! 📚
Yes. You can create one service account for Project A and a separate service account for Project B, grant each only to its respective project, and authenticate exports with the corresponding account and project_id. This keeps access and exported data fully separated.How to set it up: - Create service accounts and grant project-specific roles only to the intended project(s). You can do this in Org/Project Settings or via the API when creating or adding to projects. [Service accounts; Create service account API; Add to projects API] - For Raw Data Export, authenticate with the service account and include the correct project_id in the request; if your org uses Data Views, ensure the account has access to the global workspace and include workspace_id. This prevents cross-project export. [Raw export auth; Export auth (workspaces)]Notes: - Project access is isolated per membership. Removing a service account from a project immediately revokes access to that project’s data. [Overview] - Keep development vs. production in separate projects for clean separation; do not reuse tokens or accounts across both if you want hard isolation. [Separate dev data]
kapa.ai is still learning and improving, please let me know how I did by reacting below.
ℹ️ Tip: Mention @kapa.ai in the thread for follow-ups or DM the app for 1-to-1 help.
Let me check the knowledge base for you again. One moment! 📚
It depends on what the person (or service account) needs to do.- To manage access and roles (invite/remove users, add service accounts, assign roles): assign Organization Owner or Organization Admin. [Permissions]- For per‑project access: - Owner: full control, including transfer/reset/delete and manage users. [Project roles] - Admin: almost full control (cannot delete/reset project). Can invite users and create service accounts. [Project roles] - Analyst: build and export most reports; cannot manage project users. [Project roles] - Consumer: view-only (can’t download reports). [Project roles]- For service accounts used with APIs: - Create/manage service accounts: requires Org Owner/Admin. [Permissions] - Grant a service account to a project with the least-privilege role needed (e.g., Analyst for analytics/reporting, Admin if it must create users/service accounts, Owner only if it must manage/reset the project). [Service accounts; Project roles]Tip: If you need to restrict visibility of sensitive properties, also control Classified Data access when assigning project membership or via Teams. [Teams]
kapa.ai is still learning and improving, please let me know how I did by reacting below.
ℹ️ Tip: Mention @kapa.ai in the thread for follow-ups or DM the app for 1-to-1 help.
Let me check the knowledge base for you again. One moment! 📚
It depends on what they need to do. Assign the minimum required: - If they must manage members, roles, projects, or service accounts across the org: Organization Owner or Organization Admin. [Permissions] - Per project: - Owner: full control incl. transfer/reset/delete, manage users. [Project roles] - Admin: manage almost everything (cannot delete/reset), can invite users and create service accounts. [Project roles] - Analyst: analyze, create/export reports; no user management. [Project roles] - Consumer: view-only (can’t download/export). [Project roles]For creating/assigning service accounts: you must be Org Owner/Admin; then grant the service account the least-privilege project role it needs (e.g., Analyst for read/analysis, Admin if it must manage users). [Permissions; Service accounts]
kapa.ai is still learning and improving, please let me know how I did by reacting below.
ℹ️ Tip: Mention @kapa.ai in the thread for follow-ups or DM the app for 1-to-1 help.
Let me check the knowledge base for you again. One moment! 📚