API Tokens & Intents
API v2 uses token-based authentication with a granular permission system called intents.
Creating a Token
- Log in to the admin dashboard
- Navigate to Settings > API Tokens
- Click Create Token
- Give the token a name and select the required intents
- Copy the generated token — it will not be shown again
Token Authentication
All API v2 requests (except /healthy) must include the token in the TOKEN header:
bash
curl -H "TOKEN: your-token" https://your-server.com/api/v2/licensesIntents Reference
| Intent | Permission |
|---|---|
PRODUCTS_READ | Read products |
PRODUCTS_READ_WRITE | Read and write products |
LICENSE_VALIDATE | Validate licenses |
LICENSES_READ | Read licenses |
LICENSES_READ_WRITE | Read and write licenses |
BLACKLISTS_READ | Read blacklist entries |
BLACKLISTS_READ_WRITE | Read and write blacklist entries |
REQUESTS_READ | Read license request history |
CUSTOMERS_READ | Read customers |
ALL_READ | Read everything |
ALL_READ_WRITE | Full access to everything |
Security Notes
- Tokens are stored as BCrypt hashes
- Token values are shown only once at creation
- Revoke tokens from the dashboard at any time
- Use the principle of least privilege — grant only the intents a token needs