Appearance
API Tokens
Personal access tokens authenticate API requests on your behalf. Each token carries read and write scopes, giving full access to all API endpoints your account can reach.
For project-scoped tokens that only allow report creation, see Project Tokens.
Creating a Token
Tokens are managed from your profile settings in the kendo app. When you create a token, the plain-text value is shown only once — copy and store it in a secure location. It cannot be retrieved later.
You can revoke or delete tokens at any time from the same settings page.
Using Your Token
Include the token in the Authorization header of all API requests:
bash
curl https://{tenant}.kendo.dev/api/projects \
-H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9..."Token Scopes
| Scope | Description |
|---|---|
read | Read access to all resources you have permission for |
write | Write access to all resources you have permission for |
Personal tokens always receive both read and write scopes. The scope middleware enforces:
- Safe methods (GET, HEAD, OPTIONS) — require
readorwrite - Unsafe methods (POST, PUT, PATCH, DELETE) — require
write
Your token inherits the same role-based permissions as your account. If you can't access a project in the UI, you can't access it with a token either.
See Also
- API Overview — Base URL, response format, and error handling
- Project Tokens — Scoped tokens for external report submission
- Reports API — Submit and manage feedback reports