Docs/API tokens
API tokens
API tokens let external tools talk to Status Harbor. Mint and manage them under Settings → API Tokens.
Scopes
Three scopes, picked at creation time and not changeable afterwards:
| Scope | What it can do | When you'd use it |
|---|---|---|
account | Ping a cron-style heartbeat check | Sending pings from a scheduled job |
team:admin | Everything the dashboard can do, as the user who minted it | Terraform provider, scripted automation |
lighthouse:write | Reserved for the Lighthouse agent | Minted automatically when you create a Lighthouse — you don't pick this manually |
Lifecycle
- Mint — pick a name and scope. Optionally set an expiry. The full token is shown once; copy it before you close the panel. Status Harbor only stores the SHA-512 hash.
- Regenerate — invalidates the old token, returns a new one under the same name and ID.
- Revoke —
Delete. Calls with that token start failing immediately.
The token's last_used_at timestamp updates on each
authenticated call so you can spot dormant tokens.
team:admin and ownership
A team:admin token authenticates as the user who minted it. If
that user is removed from the team, the token is orphaned and
calls start failing. Mint these from a service account-style
user (or an owner who isn't going to leave) if you depend on the
token long-term.
Using a token
Authorization: Bearer <token> header on requests. The Terraform
provider reads it from STATUSHARBOR_API_TOKEN or the
api_token provider attribute. See the
Terraform setup page for the full HCL.