logto-io · wangsijie · Jul 25, 2025 · Jul 24, 2025
diff --git a/docs/user-management/personal-access-token.mdx b/docs/user-management/personal-access-token.mdx
@@ -20,6 +20,18 @@ After setting up the [Management API](/integrate-logto/interact-with-management-
 
 After creating a PAT, you can use it to grant access tokens to your application by using the token exchange endpoint.
 
+:::tip Token flow equivalency
+
+Access tokens obtained using PATs work **identically** to tokens obtained through the standard `refresh_token` flow. This means:
+
+- **Organization context**: PAT-obtained tokens support the same organization permissions and scopes as refresh token flows
+- **Authorization flow**: You can use PAT-exchanged access tokens for [organization permissions](/authorization/organization-permissions) and [organization-level API resources](/authorization/organization-level-api-resources)
+- **Token validation**: The same validation logic applies - only the initial grant type differs
+
+If you're working with organizations, the access patterns and permissions are the same regardless of whether you use PAT or refresh tokens.
+
+:::
+
 ### Request \{#request}
 
 The application makes a [token exchange request](https://auth.wiki/authorization-code-flow#token-exchange-request) to the tenant's [token endpoint](/integrate-logto/application-data-structure#token-endpoint) with a special grant type using the HTTP POST method. The following parameters are included in the HTTP request entity-body using the `application/x-www-form-urlencoded` format.