Skip to main content
POST
https://api.voxmind.ai
/
organisations
/
{orgId}
/
api-tokens
# Issue a production token with a 90-day expiry
curl -X POST https://api.voxmind.ai/organisations/42/api-tokens \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "friendly_name": "production-server-01",
    "expires_at": "2025-06-01T00:00:00Z",
    "enabled": true
  }'
{
  "bearer": "eyJjbGllbnRfaWQiOiJZekV6TUdkb01ISm5PSEJpT0cxaWJE...",
  "token": {
    "id": 8,
    "subject": "org_42",
    "audience": "PUBLIC_API",
    "algorithm": "HS256",
    "friendly_name": "production-server-01",
    "expires_at": "2025-06-01T00:00:00Z",
    "not_before": null,
    "enabled": true,
    "created_at": "2025-03-01T09:00:00Z",
    "updated_at": "2025-03-01T09:00:00Z"
  }
}

Overview

Creates a new API token for your organisation. The bearer field in the response is the raw token string you’ll use in Authorization: Bearer headers — this is the only time it will ever be returned. Voxmind stores only a hashed version and cannot retrieve it for you. Copy it to your secrets manager immediately.
Save the bearer token immediately. After the creation response, the raw token value is permanently inaccessible. If you lose it, you’ll need to issue a new token and revoke the lost one.

Path Parameters

orgId
string
required
Your organisation’s unique identifier.

Request Body

friendly_name
string
A human-readable label to identify this token. Use descriptive names that reflect where the token is used — production-api-server, staging-integration, avaya-webhook-handler. Makes auditing and rotation significantly easier.
expires_at
string (datetime)
Optional expiry time in UTC ISO 8601 format. If omitted, the token never expires. Voxmind recommends setting an expiry and implementing a rotation schedule for production tokens.
not_before
string (datetime)
Optional. The earliest time from which the token is valid. Useful when pre-generating a replacement token ahead of a planned rotation.
enabled
boolean
default:"true"
Whether the token is active at creation. Typically true — use false only if you’re pre-generating a token for future activation.
# Issue a production token with a 90-day expiry
curl -X POST https://api.voxmind.ai/organisations/42/api-tokens \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "friendly_name": "production-server-01",
    "expires_at": "2025-06-01T00:00:00Z",
    "enabled": true
  }'
{
  "bearer": "eyJjbGllbnRfaWQiOiJZekV6TUdkb01ISm5PSEJpT0cxaWJE...",
  "token": {
    "id": 8,
    "subject": "org_42",
    "audience": "PUBLIC_API",
    "algorithm": "HS256",
    "friendly_name": "production-server-01",
    "expires_at": "2025-06-01T00:00:00Z",
    "not_before": null,
    "enabled": true,
    "created_at": "2025-03-01T09:00:00Z",
    "updated_at": "2025-03-01T09:00:00Z"
  }
}