Token Management

Personal Access Tokens and OAuth Client management endpoints

The Token Management API allows you to create and manage authentication methods including Personal Access Tokens (PATs) and OAuth clients. PATs provide a simpler authentication method for scripts and automation, while OAuth clients enable third-party integrations.

Personal Access Tokens vs OAuth:

PATs are simpler - no OAuth flow required
PATs don't expire automatically (unless you set an expiration)
PATs are perfect for scripts, CI/CD, and personal projects
OAuth tokens are better for user-facing applications that need automatic refresh

Available Endpoints

Complete list of token management endpoints:

Endpoint	Method	Purpose	Required Scope
`/api/user/tokens`	GET	List personal access tokens	tokens:read
`/api/user/tokens`	POST	Create personal access token	tokens:write
`/api/user/tokens/:id`	GET	Get token details	tokens:read
`/api/user/tokens/:id`	DELETE	Revoke personal access token	tokens:delete
`/api/user/oauth-clients`	GET	List OAuth clients	tokens:read
`/api/user/oauth-clients`	POST	Create OAuth client	tokens:write
`/api/user/oauth-clients/:id`	GET	Get OAuth client details	tokens:read
`/api/user/oauth-clients/:id`	PUT	Update OAuth client	tokens:write
`/api/user/oauth-clients/:id`	DELETE	Delete OAuth client	tokens:delete
`/api/user/oauth-clients/:id/regenerate-secret`	POST	Regenerate client secret	tokens:write

Personal Access Tokens

Personal Access Tokens (PATs) provide a simpler authentication method for scripts and applications. Unlike OAuth tokens, PATs don't expire automatically and don't require the OAuth flow.

GET

/api/user/tokens

List personal access tokens

List all personal access tokens for the authenticated user.

Bearer Token•Scopes: tokens:read

Request

curl -X GET https://api.tinyrebrand.com/api/user/tokens \
-H "Authorization: Bearer at_1234567890abcdef"

Query Parameters

Name	Type	Description
`start`	number	Pagination offset (default: 0)
`limit`	number	Number of results (default: 10, max: 100)

Response 200

{
"status": 200,
"code": "OK",
"message": "Personal access tokens retrieved successfully",
"data": [
  {
    "id": "507f1f77bcf86cd799439011",
    "name": "CI/CD Pipeline",
    "description": "Token for automated deployments",
    "scopes": ["links:read", "links:write"],
    "lastUsedAt": "2024-07-01T10:30:00.000Z",
    "createdAt": "2024-01-15T08:00:00.000Z"
  }
],
"meta": {
  "total": 3,
  "start": 0,
  "limit": 10
}
}

POST

/api/user/tokens

Create personal access token

Create a new personal access token. The token value is only shown once during creation. Store it securely.

Bearer Token•Scopes: tokens:write

Request

curl -X POST https://api.tinyrebrand.com/api/user/tokens \
-H "Authorization: Bearer at_1234567890abcdef" \
-H "Content-Type: application/json" \
-d '{
  "name": "My API Token",
  "description": "Token for my application",
  "scopes": ["links:read", "links:write", "stats:read"],
  "expiresAt": "2025-01-01T00:00:00.000Z"
}'

Request Body

Token description (max 500 chars) - optional

Response 200

{
"status": 200,
"code": "OK",
"message": "Personal access token created successfully",
"data": {
  "id": "507f1f77bcf86cd799439012",
  "name": "My API Token",
  "description": "Token for my application",
  "scopes": ["links:read", "links:write", "stats:read"],
  "token": "tkn_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789",
  "expiresAt": "2025-01-01T00:00:00.000Z",
  "createdAt": "2024-07-02T12:00:00.000Z"
}
}

GET

/api/user/tokens/:id

Get token details

Get details of a specific personal access token.

Bearer Token•Scopes: tokens:read

Request

curl -X GET https://api.tinyrebrand.com/api/user/tokens/507f1f77bcf86cd799439011 \
-H "Authorization: Bearer at_1234567890abcdef"

Response 200

{
"status": 200,
"code": "OK",
"message": "Personal access token retrieved successfully",
"data": {
  "id": "507f1f77bcf86cd799439011",
  "name": "CI/CD Pipeline",
  "description": "Token for automated deployments",
  "scopes": ["links:read", "links:write"],
  "lastUsedAt": "2024-07-01T10:30:00.000Z",
  "expiresAt": null,
  "isActive": true,
  "isExpired": false,
  "createdAt": "2024-01-15T08:00:00.000Z",
  "updatedAt": "2024-07-01T10:30:00.000Z"
}
}

DELETE

/api/user/tokens/:id

Revoke personal access token

Revoke a personal access token. Revoked tokens cannot be restored. You cannot revoke the token you're currently using.

Bearer Token•Scopes: tokens:delete

Request

curl -X DELETE https://api.tinyrebrand.com/api/user/tokens/507f1f77bcf86cd799439011 \
-H "Authorization: Bearer at_1234567890abcdef"

Response 200

{
"status": 200,
"code": "OK",
"message": "Personal access token revoked successfully"
}

OAuth Clients

OAuth clients enable third-party applications to authenticate with TinyRebrand. Each client has a unique ID and secret, and can be configured with specific scopes and redirect URIs.

GET

/api/user/oauth-clients

List OAuth clients

List all OAuth clients for the authenticated user.

Bearer Token•Scopes: tokens:read

Request

curl -X GET https://api.tinyrebrand.com/api/user/oauth-clients \
-H "Authorization: Bearer at_1234567890abcdef"

Query Parameters

Name	Type	Description
`q`	string	Search query for client name
`start`	number	Pagination offset
`limit`	number	Number of results

Response 200

{
"status": 200,
"code": "OK",
"message": "OAuth clients found successfully",
"data": [
  {
    "id": "507f1f77bcf86cd799439013",
    "clientId": "client_abc123",
    "name": "My App",
    "description": "Third-party integration",
    "scopes": ["links:read", "links:write"],
    "redirectUris": ["https://myapp.com/callback"],
    "isActive": true,
    "createdAt": "2024-01-15T08:00:00.000Z"
  }
],
"meta": {
  "total": 2,
  "start": 0,
  "limit": 10
}
}

POST

/api/user/oauth-clients

Create OAuth client

Create a new OAuth client. The client secret is only shown once during creation. Store the client ID and secret securely.

Bearer Token•Scopes: tokens:write

Request

curl -X POST https://api.tinyrebrand.com/api/user/oauth-clients \
-H "Authorization: Bearer at_1234567890abcdef" \
-H "Content-Type: application/json" \
-d '{
  "name": "My App",
  "description": "Third-party integration",
  "scopes": ["links:read", "links:write"],
  "redirectUris": ["https://myapp.com/callback"]
}'

Request Body

Client description - optional

Response 200

{
"status": 200,
"code": "OK",
"message": "OAuth client created successfully",
"data": {
  "id": "507f1f77bcf86cd799439014",
  "clientId": "client_xyz789",
  "clientSecret": "secret_abcdef123456",
  "name": "My App",
  "description": "Third-party integration",
  "scopes": ["links:read", "links:write"],
  "redirectUris": ["https://myapp.com/callback"],
  "isActive": true,
  "createdAt": "2024-07-02T12:00:00.000Z"
}
}

POST

/api/user/oauth-clients/:id/regenerate-secret

Regenerate client secret

Regenerate the client secret for an OAuth client. The old secret becomes invalid immediately. The new secret is only shown once.

Bearer Token•Scopes: tokens:write

Request

curl -X POST https://api.tinyrebrand.com/api/user/oauth-clients/507f1f77bcf86cd799439013/regenerate-secret \
-H "Authorization: Bearer at_1234567890abcdef"

Response 200

{
"status": 200,
"code": "OK",
"message": "Client secret regenerated successfully",
"data": {
  "id": "507f1f77bcf86cd799439013",
  "clientId": "client_abc123",
  "clientSecret": "secret_newSecret789",
  "name": "My App",
  "isActive": true
}
}

User Endpoints

Links Endpoints