API Tokens
What API tokens are for
API tokens let an external integration call the Kitemesh API within a scope that you define when you create the token, so each integration only gets the access it actually needs.
What can be defined
When creating a token, the main settings are:
- a name
- an optional expiration date
- accessible groups
- accessible tools
- accessible resources
Access scope
The scope is more expressive than a single allow or deny. It is defined along three dimensions, each of which can cover:
- all groups or an explicit selection
- all tools or an explicit selection
- all resources or an explicit selection
Specific items can also be excluded from a broader set, so "all tools except one" is a valid scope and is often tighter than listing every tool explicitly.
Secret shown only once
The full token secret is shown only once, at creation time; it cannot be displayed again later. Plan the handoff and storage before creating the token: copy the secret directly into the integration's secret store or configuration, not into a chat message or a ticket. If the secret is lost, revoke the token and create a new one.
When to create multiple tokens
Separate tokens are useful when:
- several integrations have different needs
- access should be separated by application
- one integration may need to be revoked without affecting the others
Revoke a token
Revoking a token removes its access without affecting other tokens created for the same team. Any integration still using the revoked secret will have its calls rejected, so coordinate revocation with the owner of that integration.
Good practices
- Name each token after the integration that uses it.
- Set an expiration when possible.
- Limit groups, tools, and resources to the smallest useful scope.
- Review tokens regularly: revoke tokens whose integration no longer exists, replace tokens that are expired or about to expire, and tighten scopes that are broader than the integration needs.
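The following Python model is an added illustration, not Kitemesh code: it encodes the scope rules from the Access scope section (all items or an explicit selection, with specific items excluded from the broader set) and then runs the review checks from the list above over a constructed token inventory. The class and field names, the sample token names, and the 30-day expiry warning threshold are all assumptions made for the example.

```python
"""Illustrative model of the token scope rules and a review pass over tokens.

Added example, not Kitemesh's own code: class names, field names and the
sample token records are assumptions constructed for this illustration.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Selection:
    """One scope dimension (groups, tools or resources).

    all=True means "all items"; otherwise only the items in `include` are
    reachable. `exclude` carves specific items out of either broader set.
    """
    all: bool = False
    include: FrozenSet[str] = frozenset()
    exclude: FrozenSet[str] = frozenset()

    def allows(self, item: str) -> bool:
        if item in self.exclude:          # exclusions win over the broader set
            return False
        return self.all or item in self.include

    def is_unrestricted(self) -> bool:
        return self.all and not self.exclude


@dataclass(frozen=True)
class TokenScope:
    groups: Selection
    tools: Selection
    resources: Selection

    def allows(self, group: str, tool: str, resource: str) -> bool:
        """A call is within scope only if every dimension permits it."""
        return (self.groups.allows(group)
                and self.tools.allows(tool)
                and self.resources.allows(resource))


@dataclass(frozen=True)
class TokenRecord:
    name: str
    scope: TokenScope
    expires_at: Optional[date] = None   # None models "no expiration set"


def review_tokens(tokens: List[TokenRecord], today: date,
                  warn_days: int = 30) -> List[Tuple[str, List[str]]]:
    """Return (token name, findings) pairs; an empty findings list is clean."""
    report = []
    seen_names = set()
    for t in tokens:
        issues = []
        if t.name in seen_names:
            issues.append("duplicate name: integrations cannot be told apart")
        seen_names.add(t.name)
        if t.expires_at is None:
            issues.append("no expiration set")
        elif t.expires_at < today:
            issues.append("expired: revoke it")
        elif t.expires_at - today <= timedelta(days=warn_days):
            issues.append(f"expires within {warn_days} days: plan rotation")
        if all(s.is_unrestricted()
               for s in (t.scope.groups, t.scope.tools, t.scope.resources)):
            issues.append("unrestricted scope: limit groups, tools and resources")
        report.append((t.name, issues))
    return report


# Constructed sample inventory (assumed names, not real tokens).
SAMPLE_TOKENS = [
    TokenRecord(
        name="ci-deploy",
        scope=TokenScope(
            groups=Selection(include=frozenset({"platform"})),
            tools=Selection(all=True, exclude=frozenset({"admin-console"})),
            resources=Selection(include=frozenset({"deploy-pipeline"})),
        ),
        expires_at=date(2025, 6, 1),
    ),
    TokenRecord(
        name="legacy-sync",
        scope=TokenScope(Selection(all=True), Selection(all=True), Selection(all=True)),
        expires_at=None,
    ),
]

CI_SCOPE = SAMPLE_TOKENS[0].scope

if __name__ == "__main__":
    for name, issues in review_tokens(SAMPLE_TOKENS, today=date(2025, 5, 15)):
        print(name, "->", issues or "ok")
```

The "all tools except admin-console" selection on ci-deploy is the exclusion form described above: the token reaches every tool in its group except the one carved out. The review pass applies the same checks you would run by hand, and keying findings to the token name only works if every token is named after its integration, which is why the duplicate-name finding comes first.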