API Keys
API keys are credentials used to authenticate requests. Keys are scoped to your account and can target any board you own.
Endpoints
| Method | Route | Description |
|---|---|---|
GET | /v1.0/tokens | List all active API keys. |
POST | /v1.0/tokens | Issue a new API key. |
DELETE | /v1.0/tokens/{tokenId} | Revoke an API key. |
Issuing tokens
Tokens can be issued through the admin portal or via the API. The token value is only returned once at creation time — store it securely.
Using tokens
Include the token in the X-Api-Key header of every API request:
X-Api-Key: <your-api-key>
Revoking tokens
Revoking a token takes effect immediately. Any subsequent requests using a revoked token will receive a 401 Unauthorized response.
Token values are only shown once at creation time. If you lose a token, revoke it and issue a new one.