API Tokens
API Tokens allow you to authenticate with the PAIStrike API programmatically. Use tokens to integrate PAIStrike into your CI/CD pipelines, custom scripts, or third-party tools.
Accessing API Tokens
- Click your avatar or name in the top-right corner.
- Select Profile Settings.
- Click the API Tokens tab.
Generating a New Token
- Click Generate New Token.
- Enter a token name: a descriptive label to help you remember what this token is used for (e.g., CI/CD Pipeline, Automation Script, Zapier Integration).
- Optionally set an expiration date. Tokens without an expiration date remain valid indefinitely until revoked.
- Click Generate.
- Copy the token immediately — the full token value is only shown once at creation time.
Security warning: Treat your API token like a password. Do not share it, commit it to version control, or expose it in client-side code. If a token is compromised, revoke it immediately and generate a new one.
Using a Token
Include your API token in the Authorization header of API requests:
Authorization: Bearer YOUR_API_TOKEN
Refer to the PAIStrike API documentation for available endpoints and request formats.
Viewing Your Tokens
The API Tokens tab lists all tokens you have created:
| Column | Description |
|---|---|
| Name | The label you assigned to the token |
| Created | When the token was generated |
| Last Used | The last time the token was used to make an API request |
| Expires | Expiration date, or "Never" if no expiry was set |
| Status | Active or Revoked |
For security reasons, the full token value is never shown after initial creation. If you lose a token, you must revoke it and generate a new one.
Revoking a Token
To revoke a token and immediately disable its access:
- Find the token in the list.
- Click the Revoke button (or the three-dot menu (⋮) → Revoke).
- Confirm the revocation.
The token is immediately invalidated. Any API request using the revoked token will receive a 401 Unauthorized response.
Token Best Practices
- Use descriptive names: Name tokens by purpose so you can quickly identify and revoke specific ones if needed.
- Set expiration dates: Use short-lived tokens (30–90 days) for automated integrations and rotate them regularly.
- Use one token per integration: Create a separate token for each tool or script. This way, if one integration is compromised, you can revoke only that token.
- Audit regularly: Review your tokens periodically and revoke any that are no longer in use.
- Store securely: Use environment variables or a secrets manager (e.g., AWS Secrets Manager, HashiCorp Vault) to store tokens in automated workflows — never hardcode them.
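The periodic audit recommended above can be scripted. The following is an added example, not PAIStrike code: it checks a token inventory against the expiration and usage guidance in this list. It assumes the inventory is transcribed by hand from the API Tokens tab (this page does not describe an export), that the dictionary keys mirror the table columns, and that 60 days without use counts as "no longer in use"; the function names and sample rows are constructed for illustration.

```python
from datetime import date, timedelta

MAX_LIFETIME = timedelta(days=90)  # upper end of the 30-90 day guidance above
STALE_AFTER = timedelta(days=60)   # assumption: threshold for "no longer in use"

# Constructed sample inventory. None stands for "Never" (Expires) or a token
# that has not been used yet (Last Used).
SAMPLE_TOKENS = [
    {"name": "CI/CD Pipeline", "created": date(2025, 1, 10),
     "last_used": date(2025, 3, 1), "expires": date(2025, 4, 1), "status": "Active"},
    {"name": "Automation Script", "created": date(2024, 6, 1),
     "last_used": date(2024, 7, 15), "expires": None, "status": "Active"},
    {"name": "Zapier Integration", "created": date(2025, 2, 1),
     "last_used": None, "expires": date(2025, 9, 1), "status": "Active"},
    {"name": "Old Laptop", "created": date(2023, 1, 1),
     "last_used": date(2023, 2, 1), "expires": None, "status": "Revoked"},
]


def audit_token(token, today):
    """Return the findings for one row of the token list."""
    if token["status"] != "Active":
        return []  # revoked tokens are already rejected with 401 Unauthorized
    findings = []
    if token["expires"] is None:
        findings.append("no expiration date")
    elif token["expires"] - token["created"] > MAX_LIFETIME:
        findings.append("lifetime exceeds 90 days")
    # A token that was never used is measured from its creation date, so a
    # freshly generated token is not flagged before it has had a chance to run.
    reference = token["last_used"] or token["created"]
    if today - reference > STALE_AFTER:
        findings.append("not used in over 60 days")
    return findings


def audit(tokens, today):
    """Map token name -> findings, keeping only tokens that need attention."""
    report = {t["name"]: audit_token(t, today) for t in tokens}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for name, found in audit(SAMPLE_TOKENS, date.today()).items():
        print(f"{name}: {'; '.join(found)}")
```

Tokens that appear in the report are candidates for revocation or for regeneration with a shorter expiration date.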