Api tokens
Delete Organization Token
Permanently revokes an API token. Requires admin role.
DELETE /api/organization/tokens/:id
Example (cURL)
curl -X DELETE "$BASE_URL/api/organization/tokens/1" \
-H "Cookie: $SESSION_COOKIE"Response
{ "success": true }Common errors
401 Unauthorizedwhen not authenticated403 Forbiddenwhen not an admin404 Token not foundwhen the token doesn't exist or belongs to another org
Delete Customer Token
Permanently revokes a customer-scoped API token. Users can only delete tokens within their customer scope.
List Customer Tokens
Returns API tokens visible to the current user. Restricted users see only their customer-scoped tokens; admins see all tokens. Tokens are masked — only the first 8 characters are shown.