Tokens
A token is a scoped, revocable deploy credential. Use tokens to grant temporary deploy access without sharing your API key.
Available via Web, CLI, SDK, and API.
Shown only once
When you create a token, the response contains the full secret — a token-{64 hex} string. Copy it immediately. It is shown once and cannot be retrieved later. List endpoints return only a short identifier; the full secret is never returned again.
If you lose a token, revoke it and create a new one.
Properties
| Property | Description |
|---|---|
token |
Short identifier for management (full secret returned only on create) |
labels |
Tags for organization (e.g. ci, staging) |
created |
Creation timestamp |
expires |
Expiration time (optional, set via TTL in seconds at creation) |
used |
When the token was last used |
ip |
If set, the token may only be used from this IP. Captured automatically from the first request that uses it |
Tokens vs API Keys
| API Key | Token | |
|---|---|---|
| Lifetime | Persistent | Expires (optional TTL) |
| Usage | Unlimited | Reusable until expiry or revocation |
| Scope | Full account access | Deploy only |
| Per account | One | Unlimited |
| IP lock | No | Optional |
Precedence: When both are present, the token overrides the API key for that request.
Use Cases
CI/CD - Create a token with a short TTL for each pipeline run. It expires automatically.
Collaborators - Share a token instead of your API key. Set a TTL to expire it, or revoke it any time.
Automation - Scoped, auditable, disposable credentials for any tool that deploys on your behalf.
Operations
| Operation | Description |
|---|---|
| Create | Generate a new token with optional TTL and labels |
| List | All active tokens on your account |
| Remove | Revoke a token |