---
title: "Tokens"
description: "REST endpoints for tokens. Bearer-auth required."
section: "API"
group: "REST"
order: 71
---

## POST /api/tokens

Create session token

Creates a short-lived session token scoped to a project and operations. Requires private key (prv\_) auth. Max lifetime 24 hours.

**Request body**

```json
{
  "workspaceId": "string",
  "scopes": {
    "operations?": ["<...>"],
    "entityIds?": ["<...>"]
  },
  "expiresIn?": "string",
  "metadata?": {}
}
```

**Response**

```json
{
  "id": "string",
  "key": "string",
  "keyHint": "string",
  "type": "session",
  "workspaceId": "string",
  "scopes": {
    "operations?": ["<...>"],
    "entityIds?": ["<...>"]
  },
  "expiresAt": "string"
}
```