Api tokens
List Organization Tokens
Returns all API tokens for the organization. Tokens are masked — only the first 8 characters are shown. Requires admin role.
GET /api/organization/tokens
Example (cURL)
curl -X GET "$BASE_URL/api/organization/tokens" \
-H "Cookie: $SESSION_COOKIE" \
-H "Accept: application/json"Response
[
{
"id": 1,
"organizationId": 1,
"name": "Production API",
"customerId": null,
"customerName": null,
"lastUsedAt": "2026-04-01T12:00:00.000Z",
"expiresAt": null,
"createdAt": "2026-01-15T10:00:00.000Z",
"tokenHint": "wsm_a1b2c..."
}
]Common errors
401 Unauthorizedwhen not authenticated403 Forbiddenwhen not an admin
List Customer Tokens
Returns API tokens visible to the current user. Restricted users see only their customer-scoped tokens; admins see all tokens. Tokens are masked — only the first 8 characters are shown.
Custom Fields
Define custom metadata fields that can be attached to customers and websites. Custom fields support text, select, and multi-select types.