#PersonalTokens

---

#GET /orgs/{id}/personal-tokens

List the current user's personal tokens for an org

Session-authed (not token-auth). Returns metadata only — never the secret value.

Auth: Bearer token required

Path parameters

Name	Type	Description
id	string

Responses

Status	Description	Schema
200	Personal tokens (metadata only)	PersonalTokenList
401	Unauthorized	Error
403	Forbidden	Error

---

#POST /orgs/{id}/personal-tokens

Create a personal token

Session-authed. The raw token is returned exactly once in the response and is never retrievable again.

Auth: Bearer token required

Path parameters

Name	Type	Description
id	string

Request body (application/json)

Field	Type	Description
name	string	(required)
expiresAt	string(date-time)

Responses

Status	Description	Schema
201	Created token (includes the one-time raw value)	PersonalTokenCreated
400	Invalid request (e.g. expiresAt out of range)	Error
401	Unauthorized	Error
403	Forbidden	Error

---

#DELETE /orgs/{id}/personal-tokens/{tokenId}

Revoke a personal token

Session-authed. A user can only revoke their own personal tokens for the org.

Auth: Bearer token required

Path parameters

Name	Type	Description
id	string
tokenId	string

Responses

Status	Description	Schema
200	Revoked	object
401	Unauthorized	Error
403	Forbidden	Error
404	Token not found	Error

#Schemas

#Error

Field	Type	Description
error	string	(required)
code	string

#PersonalTokenCreated

Field	Type	Description
id	string	(required)
name	string	(required)
tokenPrefix	string,null	(required)
expiresAt	string | string | null	(required)
enabled	boolean
createdAt	string | string	(required)
lastUsedAt	string | string | null
token	string	(required)

#PersonalTokenList

Type: object[]