# Profile & Settings ## Your profile Click your **avatar** in the top-right corner and select **Profile** to view and edit your account details. You can update: * **First name** and **Last name** * **Email address** * **Timezone** — Rockhopper auto-detects your browser timezone, but you can override it here. Timestamps throughout the app (versions, comments, change log entries) display in your chosen timezone. * **Avatar** — Click your avatar image to upload a new photo. Images are resized to 256 x 256 pixels automatically. Maximum file size is 5 MB. Click **Save** when you're done. The button is only enabled when you have unsaved changes. ![Profile Settings page with avatar, name, email, and timezone fields](/files/QAFMf3MTvyv6YGwn9rK7) ## Access Tokens Access Tokens let you connect external tools — like an AI assistant or the [Postman workspace](/it-setup/mcp-postman-workspace.md) — to your Rockhopper account. Navigate to **Avatar → Access Tokens** or go directly to [app.rockhopper.co/settings/access-tokens](https://app.rockhopper.co/settings/access-tokens). ### Creating a token 1. Click **Create token** 2. Give the token a descriptive **name** (e.g. "Cursor MCP", "Claude Desktop") 3. Choose a **scope**: * **Read-only** — the token can view files, versions, comments, and reviews but cannot make changes * **Read-write** — the token can also post comments, open review requests, approve reviews, and update file descriptions 4. Set an **expiry** — 30, 60, 90, 180, or 365 days 5. Click **Create** {% hint style="warning" %} The token value is shown **only once**. Copy it immediately — Rockhopper cannot retrieve it later. The clipboard auto-clears after 30 seconds for security. {% endhint %} Start with **read-only** scope. Only upgrade to read-write if you have a workflow that genuinely needs write access. ### Managing tokens ![Personal Access Tokens page showing active tokens](/files/aCJ0TDCpPB8VQAyVpeJc) The Access Tokens page shows all your active tokens with: | Column | What it shows | | ------------- | -------------------------------------------------------------- | | **Name** | The label you gave the token | | **Token** | A masked prefix (e.g. `rh_pat_abc1...`) — never the full value | | **Scope** | `read-only` or `read-write` badge | | **Expires** | When the token stops working | | **Last used** | When the token was last used to call the API | ### Revoking a token Click **Revoke** next to any token to disable it immediately. A confirmation dialog appears before the token is deleted. Revoked tokens cannot be restored — you'll need to create a new one. Revoke a token if: * You suspect it has been exposed or compromised * The tool or integration it was created for is no longer in use * You want to rotate tokens as a routine security practice {% hint style="info" %} For web-based AI clients (Claude.ai, ChatGPT), you don't use a PAT — you sign in through Rockhopper's normal SSO flow. The gateway issues short-lived session tokens (\~30 minutes) that auto-rotate. These sessions also appear on the Access Tokens page, prefixed with `gateway:`. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.rockhopper.co/product-guide/profile-and-settings.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.