API keys
API tokens let you call the InboxOps REST API on behalf of the workspace. You create tokens in Settings → API keys and use them with Authorization: Bearer <token>.
Create a token
- Click Create API token (or equivalent). Give it a label if the UI asks (for your own reference). The token value is shown once at creation; copy and store it securely. You cannot retrieve the full token again.
Use the token
- Send it in the Authorization header:
Authorization: Bearer <your-token>. - Send the workspace ID in the x-workspace-id header for all workspace-scoped requests. The token is valid only for the workspace it was created in.
Revoke a token
- In the API keys list, revoke (delete) a token when it’s no longer needed. Revoked tokens stop working immediately.
- API:
DELETE .../api-tokens/:tokenId.
Security
- Do not share tokens or commit them to version control. Rotate tokens if they may have been exposed.
- Only admin users can create or revoke API tokens. See API — Authentication and API — Workspace management.