Skip to main content
API tokens (service-account tokens) let external programs and agents call the Solya API on behalf of your organization. This page covers managing them; for how to use one, see Authentication.

Managing tokens

1

Open API tokens

Go to Settings → API tokens (requires org.settings.edit).
2

Create a token

Name it, select the permissions it should carry, and optionally set an expiry. Copy the solya_sa_… value once — only its last characters are shown afterwards.
3

Revoke when needed

Revoke a token at any time; revocation is immediate.

Limits & rules

  • Up to 50 active tokens per organization.
  • Optional expiry, up to 365 days (or “never expires”).
  • Permissions are fixed at creation — to change them, revoke and recreate.
  • Name, description, and expiry can be edited; the secret cannot be retrieved again.
  • Tokens are organization-scoped and stored only as a hash.
A token can do whatever its permissions allow, with no human in the loop. Grant the minimum it needs, store it in a secret manager, and rotate it before expiry.