API Tokens & Automation
API auth tokens provide programmatic access to the JustWorkflowIt API without requiring interactive authentication. Use them for CI/CD pipelines, scripts, and service-to-service integrations.
Creating Tokens
Section titled “Creating Tokens”curl -X POST https://api.justworkflowit.com/organizations/$ORG_ID/api-tokens \ -H "Authorization: Bearer $JWT_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "name": "GitHub Actions", "permissions": ["workflow:version:create", "job:submit", "job:read"] }'The response includes the token value. Save it immediately — it cannot be retrieved again after creation.
Best Practices
Section titled “Best Practices”- Least privilege — only grant the permissions your integration needs
- Descriptive names — name tokens after their purpose (e.g., “CI/CD Pipeline”, “Monitoring Dashboard”)
- Rotate regularly — revoke and recreate tokens periodically
- One token per integration — makes it easy to revoke access for a single system
Token Lifecycle
Section titled “Token Lifecycle”| Operation | Description |
|---|---|
CreateApiAuthToken | Create a new token with specific permissions |
ListApiAuthTokens | List all tokens (values are masked) |
GetApiAuthToken | View token metadata and permissions |
UpdateApiAuthToken | Update name or permissions |
RevokeApiAuthToken | Permanently revoke a token |