Skip to content

API Tokens

Requires Basic

API tokens are personal access keys for the REST API: scripts, CI pipelines, and integrations use them to authenticate as you — without a browser login. Every token starts with the prefix inv_, is bound to your account and your tenant, can be restricted to read/write scopes, and can optionally expire automatically. The plaintext value is shown only once — right when it’s created.

API tokens are self-service: every logged-in user manages their own tokens under Administration → API Tokens — regardless of role. A token can never do more than its owner: the account’s role and permissions also apply to the token. Available on all plans.