Issue API Token

# Issue a production token with a 90-day expiry
curl -X POST https://api.voxmind.ai/organisations/42/api-tokens \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "friendly_name": "production-server-01",
    "expires_at": "2025-06-01T00:00:00Z",
    "enabled": true
  }'

{
  "bearer": "eyJjbGllbnRfaWQiOiJZekV6TUdkb01ISm5PSEJpT0cxaWJE...",
  "token": {
    "id": 8,
    "subject": "org_42",
    "audience": "PUBLIC_API",
    "algorithm": "HS256",
    "friendly_name": "production-server-01",
    "expires_at": "2025-06-01T00:00:00Z",
    "not_before": null,
    "enabled": true,
    "created_at": "2025-03-01T09:00:00Z",
    "updated_at": "2025-03-01T09:00:00Z"
  }
}

POST

organisations

{orgId}

api-tokens

# Issue a production token with a 90-day expiry
curl -X POST https://api.voxmind.ai/organisations/42/api-tokens \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "friendly_name": "production-server-01",
    "expires_at": "2025-06-01T00:00:00Z",
    "enabled": true
  }'

{
  "bearer": "eyJjbGllbnRfaWQiOiJZekV6TUdkb01ISm5PSEJpT0cxaWJE...",
  "token": {
    "id": 8,
    "subject": "org_42",
    "audience": "PUBLIC_API",
    "algorithm": "HS256",
    "friendly_name": "production-server-01",
    "expires_at": "2025-06-01T00:00:00Z",
    "not_before": null,
    "enabled": true,
    "created_at": "2025-03-01T09:00:00Z",
    "updated_at": "2025-03-01T09:00:00Z"
  }
}

Overview

Creates a new API token for your organisation. The bearer field in the response is the raw token string you’ll use in Authorization: Bearer headers — this is the only time it will ever be returned. Voxmind stores only a hashed version and cannot retrieve it for you. Copy it to your secrets manager immediately.

Save the bearer token immediately. After the creation response, the raw token value is permanently inaccessible. If you lose it, you’ll need to issue a new token and revoke the lost one.

Path Parameters

orgId

string

required

Your organisation’s unique identifier.

Request Body

friendly_name

string

A human-readable label to identify this token. Use descriptive names that reflect where the token is used — production-api-server, staging-integration, avaya-webhook-handler. Makes auditing and rotation significantly easier.

expires_at

string (datetime)

Optional expiry time in UTC ISO 8601 format. If omitted, the token never expires. Voxmind recommends setting an expiry and implementing a rotation schedule for production tokens.

not_before

string (datetime)

Optional. The earliest time from which the token is valid. Useful when pre-generating a replacement token ahead of a planned rotation.

enabled

boolean

default:"true"

Whether the token is active at creation. Typically true — use false only if you’re pre-generating a token for future activation.

# Issue a production token with a 90-day expiry
curl -X POST https://api.voxmind.ai/organisations/42/api-tokens \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "friendly_name": "production-server-01",
    "expires_at": "2025-06-01T00:00:00Z",
    "enabled": true
  }'

{
  "bearer": "eyJjbGllbnRfaWQiOiJZekV6TUdkb01ISm5PSEJpT0cxaWJE...",
  "token": {
    "id": 8,
    "subject": "org_42",
    "audience": "PUBLIC_API",
    "algorithm": "HS256",
    "friendly_name": "production-server-01",
    "expires_at": "2025-06-01T00:00:00Z",
    "not_before": null,
    "enabled": true,
    "created_at": "2025-03-01T09:00:00Z",
    "updated_at": "2025-03-01T09:00:00Z"
  }
}

List API Tokens Get Token

Documentation Index

​Overview

​Path Parameters

​Request Body

Overview

Path Parameters

Request Body