Manage tokens stored in api-tokens.json on the server. Raw secrets are never shown after creation.
api-tokens.json
Route access is controlled per HTTP endpoint; the checklist is loaded from /admin/api/permissions (same source as the API enforces).
/admin/api/permissions
← Request logs
Allowed API routes (uncheck to restrict). All checked is stored as legacy search (full access).
search
No tokens yet.
Hash prefix:
Permissions