# Create an API token **POST /auth/tokens** Rate-limited to 5 requests per 15 minutes per IP. Tokens are opaque and stored server-side. Scopes are additive; request only what you need. Tokens expire after expires_in_days (default 30, max 90). ## Servers - Production: https://sampleplatform.ccextractor.org/api/v1 (Production) ## Parameters ### Body: application/json (object) - **email** (string(email)) - **password** (string(password)) Not stored or logged. Used only to verify identity. - **token_name** (string) Descriptive label for the token (e.g., local-agent, ci-bot). Must be unique per user. - **expires_in_days** (integer) - **scopes** (array[string]) Requested scopes. Grant only what the client needs. runs:read — list and inspect runs, samples, history. runs:write — trigger, cancel, retry runs. results:read — access expected/actual output, diffs, errors, logs. baselines:write — approve new expected baselines. system:read — queue, infrastructure errors, stack traces, artifacts. ## Responses ### 201 Token created. Store the token value; it will not be shown again. #### Body: application/json (object) - **token** (string) Opaque token value. Store it securely. It will not be shown again. - **token_type** (string) - **token_name** (string) - **scopes** (array[string]) - **expires_at** (string(date-time)) ### 400 Request body or query parameters failed schema validation #### Body: application/json (object) - **code** (string) Machine-readable error code (snake_case) - **message** (string) Human-readable error summary - **details** (object) Structured context for the error. Always an object, never null. Empty object {} when no additional detail is available. ### 401 Invalid credentials #### Body: application/json (object) - **code** (string) Machine-readable error code (snake_case) - **message** (string) Human-readable error summary - **details** (object) Structured context for the error. Always an object, never null. Empty object {} when no additional detail is available. ### 429 Too many requests. Retry after the indicated number of seconds. #### Headers - **Retry-After** (integer) Seconds to wait before retrying - **X-RateLimit-Limit** () Maximum requests allowed in the current window - **X-RateLimit-Remaining** () Requests remaining in the current window - **X-RateLimit-Reset** () Unix timestamp when the rate limit window resets #### Body: application/json (object) - **code** (string) Machine-readable error code (snake_case) - **message** (string) Human-readable error summary - **details** (object) Structured context for the error. Always an object, never null. Empty object {} when no additional detail is available. ### default Unexpected server error #### Body: application/json (object) - **code** (string) Machine-readable error code (snake_case) - **message** (string) Human-readable error summary - **details** (object) Structured context for the error. Always an object, never null. Empty object {} when no additional detail is available. [Powered by Bump.sh](https://bump.sh)