The recommended way to access your Azure DevOps project is to use personal access tokens (PAT). PAT is like a combination of a user name and a password that are valid for a certain time only and can have restricted access to your Azure DevOps resources.

To create a personal access token, you have to follow the following steps:

1. Sign in to your organization in Azure DevOps.

2. From your home page, open your profile. Go to your security details.

3. Select + New Token.

4. Name your token, select the organization where you want to use the token, and then choose a lifespan for your token.

5. Select the scopes for this token to authorize for your specific tasks.

6. Click Create.

7. When you're done, make sure to copy the token. For your security, it won't be shown again. Use this token as your password.

Pre-requisites:

If you select Custom defined access, then you must select the below options:

1. Code: Select at least Read or any other option, except status, so that we are able to enable the pull request.
2. Member Entitlement Management: Select at least the Read option, so that we are able to fetch users, i.e. reviewers; and can perform approval-related operations.

Limitations:

When we generate PAT with custom defined access, we won't be able to see DIFF of a pull request. This is because the Diff API is not supported with custom access option.

We can only see Diff if PAT is generated with Full access.