Authorization header of every request. Tokens provide a static credential suitable for server-side integrations, scripts, CI/CD pipelines, and automation.
Looking for MCP authentication? MCP clients use OAuth 2.1 for interactive sign-in. See MCP Authentication for details.
Bearer Token Authentication
Include your token in theAuthorization header:
rp_ prefix for easy identification.
Creating Tokens
Tokens are managed from Organizations > Settings > Tokens. Only users with the Admin or Owner role can create and delete tokens.Navigate to Settings > Tokens
Open your organization from the Dashboard, click Settings, then select the Tokens tab.
Configure the token
Provide a descriptive name, select the project the token should access, and choose an expiration period:
| Option | Duration |
|---|---|
| 1 Day | Expires after 1 day |
| 7 Days | Expires after 7 days |
| 30 Days | Expires after 30 days |
| 60 Days | Expires after 60 days |
| 90 Days | Expires after 90 days |
| Never | Token does not expire |
Token Scope
Tokens can be scoped at two levels:- Project-scoped — the token can only access data belonging to its assigned project. This is the default when creating a token.
- Organization-scoped — the token can access all projects within the organization.
- Organization-level endpoints (e.g., listing projects): A project-scoped token returns only its assigned project. An organization-scoped token returns all projects.
- Project-level endpoints (e.g., listing contracts): The token’s project scope must match the requested
projectId.
Permission Requirements
| Action | Required Role |
|---|---|
| Create a token | Admin, Owner |
| Delete a token | Admin, Owner |
| Use a token (API requests) | Any (token-based) |