API tokens
Create Organization Token
Creates a new API token. The full token is returned only once — store it securely. Requires admin role.
POST /api/organization/tokens
Request Body
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| name | string | Yes | — | Token display name (1–255 chars) |
| expiresInDays | number | No | null | Days until expiration (1–365). Null = no expiration. |
| customerId | number | No | null | Scope token to a specific customer (must belong to your org) |
Example (cURL)
curl -X POST "$BASE_URL/api/organization/tokens" \
  -H "Cookie: $SESSION_COOKIE" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production API",
    "expiresInDays": 90
  }'

Response
{
  "id": 1,
  "name": "Production API",
  "token": "wsm_a1b2c3d4e5f6...",
  "lastUsedAt": null,
  "expiresAt": "2026-07-15T10:00:00.000Z",
  "createdAt": "2026-04-15T10:00:00.000Z"
}

Common errors
- 400 Invalid customer ID: when customerId doesn't belong to your organization
- 401 Unauthorized: when not authenticated
- 403 Forbidden: when not an admin
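
An added example, not part of the original documentation or the vendor's own client code: a Python client for this endpoint that enforces the documented field limits, refuses non-expiring tokens, and writes the one-time token to a new owner-only file instead of printing it. The function names, the output path and the policy of rejecting a null `expiresInDays` are assumptions of this example.

```python
import json
import os
import urllib.request

def build_token_request(name, expires_in_days=90, customer_id=None):
    """Validate against the documented field limits and return the JSON body."""
    if not isinstance(name, str) or not 1 <= len(name) <= 255:
        raise ValueError("name must be 1-255 characters")
    # The API accepts null (no expiration); this helper refuses it by local policy.
    if isinstance(expires_in_days, bool) or not isinstance(expires_in_days, int) \
            or not 1 <= expires_in_days <= 365:
        raise ValueError("expiresInDays must be an integer from 1 to 365")
    body = {"name": name, "expiresInDays": expires_in_days}
    if customer_id is not None:
        body["customerId"] = customer_id  # narrow the token to one customer
    return body

def store_token_once(response, path):
    """Write the secret to a new 0600 file; return metadata with the token removed."""
    token = response.get("token")
    if not token:
        raise ValueError("response has no token field")
    # O_EXCL refuses to overwrite an existing file; mode 0600 is owner-only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(token)
    return {k: v for k, v in response.items() if k != "token"}

def create_token(base_url, session_cookie, path, **fields):
    """POST /api/organization/tokens, persist the secret, return safe metadata."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/organization/tokens",
        data=json.dumps(build_token_request(**fields)).encode(),
        headers={"Cookie": session_cookie, "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return store_token_once(json.load(resp), path)

if __name__ == "__main__":
    # wsm_token.secret is a hypothetical output path chosen for this example.
    meta = create_token(os.environ["BASE_URL"], os.environ["SESSION_COOKIE"],
                        "wsm_token.secret", name="Production API", expires_in_days=90)
    print(meta)  # id, name, expiresAt and so on, never the token itself
```

Because the full token is returned only once, the file written by `store_token_once` is the only copy; move it into a secrets manager and delete the file afterwards.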