Appearance
Manage and use personal access tokens
A personal access token (PAT) authenticates scripts and applications with the Lumicast API as you. Unlike a workspace API key, which is tied to a single workspace and role, a token acts with the permissions you hold in every workspace you belong to.
WARNING
A token can do everything your account can. Treat it like a password — never share it, and give it the smallest scope and shortest lifetime that still works.
Creating a token
- Open your account Settings.
- Go to the Access tokens tab.
- Click Create token.
- Give the token a name, then choose:
- Scope — Full access (everything you can do, in every workspace you belong to) or Read-only (can read data but never modify it).
- Expiration — 30, 60, or 90 days, or no expiration.
- Click Create. Copy the token value shown — for security it is only displayed once and cannot be retrieved again.
Every token value starts with the lcp_ prefix.
Using a token
The base URL for the API is https://api.lumicast.com. Authenticate your requests by adding an Authorization header:
http
Authorization: Bearer <YOUR_TOKEN>Refer to the Lumicast API documentation for the full list of endpoints.
INFO
A read-only token may only perform read requests. Any request that creates, changes, or deletes data is rejected.
Rotating a token
Rotating generates a new token value and keeps the name, scope, and expiry. The previous value stops working immediately, so update anything using the token with the new value. Use the rotate action next to a token in the list, then copy the new value (again shown only once).
Revoking a token
Use the delete action next to a token to revoke it. Anything still using that token loses access immediately.