Appearance
Project Tokens
Project tokens are scoped access tokens that allow external systems to submit reports to a specific project. Unlike personal access tokens, project tokens carry the report:create scope and are tied to a single project — they cannot access any other API endpoints.
Use project tokens to connect CI pipelines, feedback widgets, or monitoring tools that need to create reports programmatically.
Creating a Token
Project tokens are managed from the project settings in the kendo app. Navigate to your project's settings page to create, view, and delete tokens.
When you create a token, the plain-text value is shown only once — copy and store it in a secure location (e.g., CI secrets, environment variables). It cannot be retrieved later.
Submitting Reports
Once you have a project token, use it as a Bearer token to submit reports via the Reports API:
bash
curl -X POST https://{tenant}.kendo.dev/api/projects/1/reports \
-H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9..." \
-H "Content-Type: application/json" \
-d '{
"title": "Deployment failed",
"description": "Build #1234 failed with exit code 1. See logs at ...",
"author_name": "CI Pipeline"
}'json
{
"id": 1,
"title": "Deployment failed",
"description": "Build #1234 failed with exit code 1. See logs at ...",
"source": 1,
"author_name": "CI Pipeline",
"project_id": 1,
"created_by": null,
"promoted_issue_id": null,
"promoted_at": null,
"dismissed_at": null,
"order": 0,
"created_at": "2026-03-20T10:00:00.000000Z",
"updated_at": "2026-03-20T10:00:00.000000Z"
}Request Fields
| Field | Type | Required | Description |
|---|---|---|---|
title | string | Yes | Report title, max 255 characters |
description | string | Yes | Report description, max 65,535 characters |
author_name | string | No | Name of the external reporter (e.g., service or person) |
files | file[] | No | Up to 5 image attachments (jpg, png, gif, webp, bmp, tiff; max 3 MB each) |
Reports created with a project token automatically have source: 1 (Api) and created_by: null, distinguishing them from manually submitted reports.
Restrictions
Project tokens are intentionally limited:
- Only
POST /api/projects/{projectId}/reports— no other endpoints - Only the project they were created for — cross-project requests are rejected
- Only while the token is active — deactivated tokens are rejected
Common Errors
| Status | Cause |
|---|---|
401 | Token is invalid, revoked, or expired |
403 | Token does not have the required scope |
422 | Request validation failed (missing title, wrong project, inactive token) |
See Also
- Reports API — Full report endpoint documentation
- Tokens API — Personal access tokens for full API access