Access Token Endpoints
Manage API access tokens for programmatic access.
Base Pathβ
/api/access-token
Endpointsβ
List Tokensβ
GET /api/access-token
Authorization: Bearer {token}
Returns all access tokens for the current user/tenant.
Create Tokenβ
POST /api/access-token
Authorization: Bearer {token}
Body:
{
"name": "CI/CD Token",
"expiresAt": "2026-12-31T00:00:00Z",
"scopes": ["read:employees", "write:tasks"]
}
Response:
{
"id": "uuid",
"name": "CI/CD Token",
"token": "gzy_xxxxxxxxxxxxxxxxxxxx",
"expiresAt": "2026-12-31T00:00:00Z"
}
Note: The
tokenvalue is only shown once at creation time. Store it securely.
Revoke Tokenβ
DELETE /api/access-token/:id
Authorization: Bearer {token}
Update Tokenβ
PUT /api/access-token/:id
Authorization: Bearer {token}
{
"name": "Updated Name",
"expiresAt": "2027-06-30T00:00:00Z"
}
Token Usageβ
Use access tokens as Bearer tokens:
curl -H "Authorization: Bearer gzy_xxxxxxxxxxxxxxxxxxxx" \
https://api.example.com/api/employee
Token Scopesβ
| Scope | Description |
|---|---|
read:employees | Read employee data |
write:employees | Modify employee data |
read:tasks | Read tasks |
write:tasks | Create/modify tasks |
read:timesheets | Read time entries |
write:timesheets | Create/modify time entries |
admin | Full admin access |
Related Pagesβ
- Auth Endpoints β JWT authentication
- API Overview β API reference