Personal access tokens#

Create and manage personal access tokens for API authentication.

Authentication required

All endpoints require a Bearer token in the Authorization header. See the Authentication guide for setup instructions.

POST /v1/personal-access-tokens#

Create a new personal access token. The plaintext token is only returned once.

bash

POST /v1/personal-access-tokens
Authorization: Bearer {token}
Content-Type: application/json

{
  "name": "My Campaign"
}

Name	Type	Required	Description
name	`string`	Required	Display name for this token.
expiresAt	`string (ISO 8601) \| null`	—	When this token should expire.

Returns { data } with the result.

Underlying SDK method: bw.personalAccessTokens.create(params)

Store the token securely

The plaintext token is only returned in the creation response. It cannot be retrieved again. Store it securely.

List all personal access tokens for the authenticated user.

bash

GET /v1/personal-access-tokens
Authorization: Bearer {token}

Returns { items, totalCount, facets } with paginated results.

Underlying SDK method: bw.personalAccessTokens.list()

Revoke a personal access token, immediately invalidating it.

bash

DELETE /v1/personal-access-tokens/:id
Authorization: Bearer {token}

Name	Type	Required	Description
id	`string (UUID)`	Required	Token identifier to revoke.

Returns { data } with the result.

Underlying SDK method: bw.personalAccessTokens.revoke(params)

Immediate invalidation

Revoking a token immediately invalidates it. Any integrations using this token will stop working. This action cannot be undone.

Rotate a personal access token by revoking the old one and creating a new one.

bash

POST /v1/personal-access-tokens/:id/rotate
Authorization: Bearer {token}

Name	Type	Required	Description
id	`string (UUID)`	Required	Token identifier to rotate (revokes old, creates new).

Returns { data } with the result.

Underlying SDK method: bw.personalAccessTokens.rotate(params)