Account
Your own account settings, reachable from your name at the bottom of the nav.
- Sessions — every device where you're signed in (with last-seen and IP). Revoke one, or "sign out everywhere". Sessions are server-side and revalidated on every request, so revoking one logs that device out at once — web and mobile alike.
- API keys — personal access tokens (
pat_…) for machine/CLI access, scoped to a subset of your own permissions and revocable. (Partner-facing keys are minted separately — see Partner API → Authentication.) - Two-factor — enroll in TOTP and manage recovery codes; when enabled, sign-in becomes two-step.