API tokens — programmatic access to your workspace

Mint and revoke tokens for CI/CD pipelines, agency scripts, or AI agents that need to read or update your policy documents.

API tokens let you call the miniterms API programmatically — from a CI/CD pipeline, a content management script, or an AI agent that pulls your latest policy documents. Tokens authenticate requests to the miniterms REST API without using your account password.

Availability

API access is a feature of paid plans. The API token page is visible to all users but the mint button is gated behind an entitlement check. If you see "API access not available on your current plan," upgrade from id.dekimu.com/billing.

Minting a token

  1. Go to Settings → API tokens.
  2. Click Mint new token.
  3. Give the token a label (e.g. "CI pipeline", "agency script") — this is for your reference only.
  4. Copy the token immediately. miniterms shows the full secret once; after you navigate away it is masked and cannot be recovered.

Store the token in an environment variable or secret manager, not in source code.

Using a token

Include the token as a Bearer header on every API request:

Authorization: Bearer mt_live_...

The API base URL and available endpoints are documented at docs.miniterms.com/api.

Revoking a token

Click Revoke next to any active token on the Settings → API tokens page. Revocation is immediate — any in-flight requests using that token will fail from that point forward. Create a new token if access is needed again.

Security notes

  • Each token is scoped to your workspace only — it cannot read or write other workspaces.
  • Tokens do not expire automatically. Rotate them if you suspect a leak.
  • If you delete your workspace, all tokens are automatically revoked.
Español