Skip to main content
POST
/
tokens
Create an API token for your authenticated platform.
curl --request POST \
  --url https://public-test.blips.network/tokens \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "Demo readback token",
  "permissions": [
    "view"
  ]
}
'
{
  "id": "Token:tok_51ce4ab09d87",
  "name": "Demo readback token",
  "permissions": [
    "view"
  ],
  "accessLevel": "view_only",
  "issuerType": "platform_self_service",
  "status": "ACTIVE",
  "revocable": true,
  "clientId": "ik_test_7fa9f566c2f1467ab03d1f65",
  "clientSecret": "iksec_test_0f09acb6536a43f8b90d4ae209f2f9d39f61b7f6",
  "createdAt": "2026-04-12T08:15:00Z",
  "updatedAt": "2026-04-12T08:15:00Z",
  "revokedAt": null
}

Authorizations

Authorization
string
header
required

Integration-key Basic Auth (clientId:clientSecret) as documented in docs/public/AUTHENTICATION.md.

Body

application/json
name
string
required

Human-readable API token label.

permissions
enum<string>[]
required

One or more public permissions to grant to the token. view and manage are the only published values.

Minimum array length: 1

Public API token permission. view covers read access and manage covers token-management and other privileged platform actions.

Available options:
view,
manage

Response

API token created. Client secret returned only on create.

id
string
required

Stable public API-key identifier in Token:<id> form.

name
string
required

Human-readable API-key label.

permissions
enum<string>[]
required

Public permissions granted to this token. Legacy runtime scopes are projected into this bounded public pair.

Public API token permission. view covers read access and manage covers token-management and other privileged platform actions.

Available options:
view,
manage
accessLevel
enum<string>
required

Compatibility access-level projection. Tokens that include manage read back as management; tokens without it read back as view_only.

Available options:
management,
view_only
issuerType
enum<string>
required

Whether the token is the operator-issued root manage token or a platform-created token.

Available options:
operator_issued,
platform_self_service
status
string
required

Current key lifecycle state returned by runtime readback.

revocable
boolean
required

Whether Platform Config may revoke this token. The operator-issued root manage token returns false.

clientId
string
required

Client identifier used for Basic Auth.

clientSecret
string
required

Client secret shown once at token creation time. It is not re-readable later.

createdAt
string<date-time>
required

API-key creation timestamp.

updatedAt
string<date-time>
required

Most recent API-key update timestamp.

revokedAt
string<date-time> | null
required

Revocation timestamp. null while the key is still active.