ProjectTokens
GET /{o}/{p}/tokens
List project API tokens
Returns token metadata only — never the secret value.
Auth: Bearer token required · Permission:
tokens:manage
Path parameters
| Name | Type | Description |
|---|---|---|
o | string | |
p | string |
Responses
| Status | Description | Schema |
|---|---|---|
200 | Project tokens (metadata only) | ProjectTokenList |
POST /{o}/{p}/tokens
Create a project API token
Returns the full token value exactly once. Optionally scope to an env and/or cell values.
Auth: Bearer token required · Permission:
tokens:manage
Path parameters
| Name | Type | Description |
|---|---|---|
o | string | |
p | string |
Request body (application/json)
| Field | Type | Description |
|---|---|---|
name | string | (required) |
role | owner | admin | member | viewer | |
expiresAt | string(date-time) | |
envName | string | |
cellScopes | array,null |
Responses
| Status | Description | Schema |
|---|---|---|
201 | Created token (includes the one-time raw value) | ProjectTokenCreated |
400 | No active org or env not found | Error |
401 | Unauthorized | Error |
404 | Organization not found | Error |
DELETE /{o}/{p}/tokens/{tokenId}
Revoke a project API token
Auth: Bearer token required · Permission:
tokens:manage
Path parameters
| Name | Type | Description |
|---|---|---|
o | string | |
p | string | |
tokenId | string |
Responses
| Status | Description | Schema |
|---|---|---|
200 | Revoked | object |
404 | Token not found | Error |
GET /orgs/{orgId}/projects/{projectId}/tokens
List project API tokens
Returns token metadata only — never the secret value.
Auth: Bearer token required · Permission:
tokens:manage
Path parameters
| Name | Type | Description |
|---|---|---|
orgId | string | |
projectId | string |
Responses
| Status | Description | Schema |
|---|---|---|
200 | Project tokens (metadata only) | ProjectTokenList |
POST /orgs/{orgId}/projects/{projectId}/tokens
Create a project API token
Returns the full token value exactly once. Optionally scope to an env and/or cell values.
Auth: Bearer token required · Permission:
tokens:manage
Path parameters
| Name | Type | Description |
|---|---|---|
orgId | string | |
projectId | string |
Request body (application/json)
| Field | Type | Description |
|---|---|---|
name | string | (required) |
role | owner | admin | member | viewer | |
expiresAt | string(date-time) | |
envName | string | |
cellScopes | array,null |
Responses
| Status | Description | Schema |
|---|---|---|
201 | Created token (includes the one-time raw value) | ProjectTokenCreated |
400 | No active org or env not found | Error |
401 | Unauthorized | Error |
404 | Organization not found | Error |
DELETE /orgs/{orgId}/projects/{projectId}/tokens/{tokenId}
Revoke a project API token
Auth: Bearer token required · Permission:
tokens:manage
Path parameters
| Name | Type | Description |
|---|---|---|
orgId | string | |
projectId | string | |
tokenId | string |
Responses
| Status | Description | Schema |
|---|---|---|
200 | Revoked | object |
404 | Token not found | Error |
Schemas
Error
| Field | Type | Description |
|---|---|---|
error | string | (required) |
code | string |
ProjectTokenCreated
| Field | Type | Description |
|---|---|---|
id | string | (required) |
name | string | (required) |
tokenPrefix | string,null | (required) |
role | string,null | (required) |
envName | string,null | (required) |
cellScopes | array,null | (required) |
expiresAt | string | string | null | (required) |
enabled | boolean | |
createdAt | string | string | (required) |
token | string | (required) |
ProjectTokenList
Type: object[]