Grant API access

Important: Never share tokens or commit them to repositories. Store tokens securely in environment variables or secrets management systems.

Generate API tokens from RBAC roles for programmatic access to the Northflank API. Tokens authenticate users or programs to the API using JSON Web Tokens (JWT).

API tokens inherit permissions from the RBAC role they're generated from. Manage permissions by editing RBAC roles, not individual tokens.

Generate an API token

Generate API tokens from RBAC roles in your team or organisation.

  1. Navigate to Team Settings → API → Tokens
  2. Click Create API Token
  3. Configure the token:
    • Name: Descriptive identifier for the token
    • Description: A short description of the token
    • Associated RBAC Role: Select an RBAC role (determines token permissions)
    • Token lifetime: Set expiration time or leave blank for no expiry
  4. Click Create API Token
  5. Copy the token immediately (shown only once and cannot be retrieved later)
  6. Store the token securely (password manager, secrets vault)

Tokens are listed across the team or organisation, but the token secret is only visible at the time of creation.

Token features

  • Expiry: Tokens can be configured to expire automatically. Set expiry on creation to limit token lifetime.

  • Last used: Tokens display their last used time, helping identify inactive or compromised tokens.

  • Audit logs (Enterprise): Tokens have their own audit log feed. Audit log items reference specific tokens for tracking API activity.

  • View on creation only: Token secrets are only visible once on creation. Save tokens immediately or regenerate if lost.
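An added example (not Northflank's own code) for the storage and expiry guidance above: it reads the token from an environment variable and reports its expiry status by decoding the JWT payload locally, without printing the token. The variable name NORTHFLANK_API_TOKEN is hypothetical, and the example assumes the token carries the standard JWT exp claim when a lifetime is set, which this page does not confirm.

```python
import base64
import binascii
import json
import os
import time

ENV_VAR = "NORTHFLANK_API_TOKEN"  # hypothetical name; the page does not define one


def jwt_claims(token):
    """Decode the JWT payload for local inspection only (signature NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    seg = parts[1]
    try:
        # JWT segments are unpadded base64url; restore padding before decoding.
        claims = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    except (binascii.Error, ValueError) as exc:
        raise ValueError("JWT payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def expiry_status(token, now=None, warn_seconds=7 * 86400):
    """Return 'no-expiry', 'expired', 'expiring-soon' or 'ok' from the exp claim."""
    exp = jwt_claims(token).get("exp")
    if exp is None:
        return "no-expiry"  # assumed to mean the lifetime was left blank
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise ValueError("exp claim is not a NumericDate")
    remaining = exp - (time.time() if now is None else now)
    if remaining <= 0:
        return "expired"
    return "expiring-soon" if remaining < warn_seconds else "ok"


def sample_token(claims):
    """Build a constructed, unsigned sample token (dummy signature) for testing."""
    parts = [b'{"typ":"JWT"}', json.dumps(claims).encode()]
    return ".".join(base64.urlsafe_b64encode(p).rstrip(b"=").decode() for p in parts) + ".sig"


if __name__ == "__main__":
    token = os.environ.get(ENV_VAR, "").strip()
    if not token:
        raise SystemExit(f"{ENV_VAR} is not set; refusing to continue")
    print("token status:", expiry_status(token))  # status only, never the token
```

Run it in CI before jobs that call the API so that an expired or non-expiring token is flagged early; the decoded claims are unverified and must not be used for authorization decisions.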

Manage permissions

To update token permissions, edit the RBAC role the token was generated from. Permission changes apply immediately to all tokens using that role.

See the Use role-based access control guide for managing roles and permissions.

Revoke tokens

Revoke tokens from Team Settings → API → Tokens. Revoked tokens are invalidated immediately and cannot be restored.

Deleting an RBAC role revokes all tokens generated from that role.

Generate tokens from organisation roles

The CLI northflank login flow supports generating tokens from organisation roles for cross-team access.
