Token APIยถ
The Token API allows you to list, create, update or delete your Tinybird Static Tokens.
New to Static Tokens? Read more about them in the Tokens docs.
The :sql_filter suffix on resource-scoped tokens (e.g. DATASOURCES:READ:datasource_name:sql_filter and PIPES:READ:pipe_name:sql_filter) is not supported in Tinybird Forward and will result in an error.
All endpoints require authentication using a Token with TOKENS or ADMIN scope.
- GET /v0/tokens/?ยถ
Retrieves all workspace Static Tokens.
Get all tokensยถcurl -X GET \ -H "Authorization: Bearer <ADMIN token>" \ "https://api.tinybird.co/v0/tokens"
A list of your Static Tokens and their scopes will be sent in the response.
Successful responseยถ{ "tokens": [ { "name": "admin token", "description": "", "scopes": [ { "type": "ADMIN" } ], "token": "p.token" }, { "name": "import token", "description": "", "scopes": [ { "type": "DATASOURCES:CREATE" } ], "token": "p.token0" }, { "name": "token name 1", "description": "", "scopes": [ { "type": "DATASOURCES:READ", "resource": "table_name_1" }, { "type": "DATASOURCES:APPEND", "resource": "table_name_1" } ], "token": "p.token1" }, { "name": "token name 2", "description": "", "scopes": [ { "type": "PIPES:READ", "resource": "pipe_name_2" } ], "token": "p.token2" } ] }
- POST /v0/tokens/?ยถ
Creates a new Token: Static or JWT
Creating a new Static Tokenยถcurl -X POST \ -H "Authorization: Bearer <ADMIN token>" \ "https://api.tinybird.co/v0/tokens/" \ -d "name=test&scope=DATASOURCES:APPEND:table_name&scope=DATASOURCES:READ:table_name"
Request parametersยถ Key
Type
Description
name
String
Name of the token
description
String
Optional. Markdown text with a description of the token.
scope
String
Scope(s) to set. Format is SCOPE:TYPE[:arg][:filter]. This is only used for the Static Tokens
Successful responseยถ{ "name": "token_name", "description": "", "scopes": [ { "type": "DATASOURCES:APPEND", "resource": "table_name" } { "type": "DATASOURCES:READ", "resource": "table_name", "filter": "department = 1"}, ], "token": "p.token" }
When creating a token with
filterwhenever you use the token to read the table, it will be filtered. For example, if table isevents_tableandfilterisdate > '2018-01-01' and type == 'foo'a query likeselect count(1) from events_tablewill becomeselect count(1) from events_table where date > '2018-01-01' and type == 'foo'Creating a new token with filterยถcurl -X POST \ -H "Authorization: Bearer <ADMIN token>" \ "https://api.tinybird.co/v0/tokens/" \ -d "name=test&scope=DATASOURCES:READ:table_name:column==1"
If we provide an
expiration_timein the URL, the token will be created as a JWT Token.Creating a new JWT Tokenยถcurl -X POST \ -H "Authorization: Bearer <ADMIN token>" \ "https://api.tinybird.co/v0/tokens?name=jwt_token&expiration_time=1710000000" \ -d '{"scopes": [{"type": "PIPES:READ", "resource": "requests_per_day", "fixed_params": {"user_id": 3}}]}'
In multi-tenant applications, you can use this endpoint to create a JWT token for a specific tenant where each user has their own token with a fixed set of scopes and parameters
- POST /v0/tokens/(.+)/refreshยถ
Refresh the Static Token without modifying name, scopes or any other attribute. Specially useful when a Token is leaked, or when you need to rotate a Token.
Refreshing a Static Tokenยถcurl -X POST \ -H "Authorization: Bearer <ADMIN token>" \ "https://api.tinybird.co/v0/tokens/:token_name/refresh"
When successfully refreshing a token, new information will be sent in the response
Successful responseยถ{ "name": "token name", "description": "", "scopes": [ { "type": "DATASOURCES:READ", "resource": "table_name" } ], "token": "NEW_TOKEN" }
Request parametersยถ Key
Type
Description
auth_token
String
Token. Ensure it has the
TOKENSscope on itResponse codesยถ Code
Description
200
No error
403
Forbidden. Provided token doesnโt have permissions to drop the token. A token is not allowed to remove itself, it needs
ADMINorTOKENSscope
- GET /v0/tokens/(.+)ยถ
Fetches information about a particular Static Token.
Getting token infoยถcurl -X GET \ -H "Authorization: Bearer <ADMIN token>" \ "https://api.tinybird.co/v0/tokens/:token"
Returns a json with name and scopes.
Successful responseยถ{ "name": "token name", "description": "", "scopes": [ { "type": "DATASOURCES:READ", "resource": "table_name" } ], "token": "p.TOKEN" }
- DELETE /v0/tokens/(.+)ยถ
Deletes a Static Token .
Deleting a tokenยถcurl -X DELETE \ -H "Authorization: Bearer <ADMIN token>" \ "https://api.tinybird.co/v0/tokens/:token"
- PUT /v0/tokens/(.+)ยถ
Modifies a Static Token. More than one scope can be sent per request, all of them will be added as Token scopes. Every time a Token scope is modified, it overrides the existing one(s).
editing a tokenยถcurl -X PUT \ -H "Authorization: Bearer <ADMIN token>" \ "https://api.tinybird.co/v0/tokens/<Token>?" \ -d "name=test_new_name&description=this is a test token&scope=PIPES:READ:test_pipe&scope=DATASOURCES:CREATE"
Request parametersยถ Key
Type
Description
token
String
Token. Ensure it has the
TOKENSscope on itname
String
Optional. Name of the token.
description
String
Optional. Markdown text with a description of the token.
scope
String
Optional. Scope(s) to set. Format is SCOPE:TYPE[:arg][:filter]. New scope(s) will override existing ones.
Successful responseยถ{ "name": "test", "description": "this is a test token", "scopes": [ { "type": "PIPES:READ", "resource": "test_pipe" }, { "type": "DATASOURCES:CREATE" } ] }