REST API reference

This page covers the authenticated surface under api.tokenone.io/api/. Every endpoint requires authentication: a JWT obtained from POST /auth/login or, on proxy routes, a to_live_* API key.

Authentication

JWT (customer cloud + admin APIs)

POST /auth/login
{ "email": "you@example.com", "password": "..." }

Response:
{
  "success": true,
  "data": {
    "user": { "id": "...", "email": "...", "name": "..." },
    "tokens": {
      "accessToken": "<15min JWT>",
      "refreshToken": "<7-day JWT>"
    }
  }
}

API keys (proxy + external)

Generate to_live_* / to_dev_* keys via the integrations panel in customer-cloud. Pass the key as an Authorization: Bearer value or, on proxy routes, in the provider-native header.

Grouped endpoints

TokenOne Delivery® Workspace

  • POST /tokenone/projects · create a project
  • GET /tokenone/projects · list (?includeArchived=true optional)
  • PATCH /tokenone/projects/:id · rename / describe / retag
  • POST /tokenone/projects/:id/stage · flip build / live
  • POST /tokenone/projects/:id/archive · toggle archived flag
  • POST /tokenone/projects/:id/cold/move / /restore · tiering
  • POST /tokenone/projects/:id/export · AES-256 encrypted export
  • GET /tokenone/projects/:id/handoff · markdown handoff package
  • GET /tokenone/projects/:id/events · SSE stream (see /docs/sse)

Connectors

  • POST /connectors/:type/authorize · returns OAuth URL
  • GET /connectors/oauth/:provider/callback · handled by browser
  • POST /connectors/database/connect · paste connection string (non-OAuth)
  • GET /connectors/:projectId · list active credentials
  • DELETE /connectors/:projectId/:credentialId · revoke
  • GET /connectors/_public/providers · provider catalogue

Membership

  • GET/POST /projects/:id/members · list / invite
  • PATCH /projects/:id/members/:memberId/role
  • DELETE /projects/:id/members/:memberId

Wallet + commercial

  • GET /wallet/balance · tenant wallet total
  • GET /tokenone/summary · 30-day burn / savings roll-up
  • GET /tokenone/projects/:id/recent-upstream-picks · for provider-badge rendering

Admin

  • GET /admin/settings / POST / DELETE
  • GET /admin/runtime-config/status
  • GET /admin/commercial-levers / PUT /:name / GET /:name/history
  • GET /admin/commercial-levers/llm-call-log/export
  • GET /admin/smart-router-flip/status

Response shape

Every endpoint returns { success: boolean, data?: T, error?: string }.
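
A client-side handler for the POST /auth/login response and the response envelope described above, as an added example that is not TokenOne's own code. It assumes token lifetimes run from the moment the response is received; ApiError, unwrap, Session and the sample token values are hypothetical names and constructed data.

```python
import json
import time

ACCESS_TTL = 15 * 60             # accessToken lifetime stated on this page
REFRESH_TTL = 7 * 24 * 60 * 60   # refreshToken lifetime stated on this page
# Constructed sample response; token values are placeholders, not real JWTs.
SAMPLE_LOGIN = json.dumps({"success": True, "data": {"tokens": {
    "accessToken": "access.placeholder", "refreshToken": "refresh.placeholder"}}})

class ApiError(Exception):
    """Raised when the envelope is malformed or reports success: false."""

def unwrap(body):
    """Return `data` from a { success, data?, error? } envelope, else raise."""
    try:
        envelope = json.loads(body)
    except ValueError as exc:
        raise ApiError("response body is not JSON") from exc
    if not isinstance(envelope, dict) or not isinstance(envelope.get("success"), bool):
        raise ApiError("response is not a success/data/error envelope")
    if not envelope["success"]:
        raise ApiError(str(envelope.get("error") or "unspecified error"))
    return envelope.get("data")

class Session:
    """Holds the token pair from POST /auth/login without exposing it in logs."""

    def __init__(self, login_body, now=None):
        data = unwrap(login_body)
        tokens = data.get("tokens") if isinstance(data, dict) else None
        if not isinstance(tokens, dict) or not all(
            isinstance(tokens.get(k), str) and tokens[k]
            for k in ("accessToken", "refreshToken")
        ):
            raise ApiError("login response carries no token pair")
        issued = time.time() if now is None else now
        self._access, self._refresh = tokens["accessToken"], tokens["refreshToken"]
        self.access_expires = issued + ACCESS_TTL
        self.refresh_expires = issued + REFRESH_TTL

    def auth_header(self, now=None):
        """Return the Bearer header, refusing to send an expired access token."""
        current = time.time() if now is None else now
        if current >= self.access_expires:
            raise ApiError("access token expired")
        return {"Authorization": "Bearer " + self._access}

    def __repr__(self):
        return "Session(access=<redacted>, refresh=<redacted>)"
```

Checking `success` rather than the HTTP status alone keeps a failed call from being treated as data, and the redacted `__repr__` keeps tokens out of logs and tracebacks.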