
API Tokens

Personal API tokens authenticate your requests to the Scompler API. Each token carries the permissions of the user who generated it.

Generating a token

  1. Open your project in Scompler
  2. Go to Project Settings → Developers → API Tokens
  3. Click Generate Token
  4. Copy the token immediately — it will not be shown again

Warning: Treat your token like a password. Never commit it to version control or share it publicly.

Token lifetime

Tokens are valid for 180 days from the date of generation. Before that window closes, you have two options:

  • Refresh the token via the refreshPublicAccessToken mutation to receive a new token.
  • Generate a new token in the dashboard (required if the current token has already expired).

Using a token

Include the token in the Authorization header of every request:

curl -X POST https://public-api.pro.scompler.com/graphql \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{"query": "query { languages(first: 10) { nodes { id name } } }"}'

Refreshing a token

While the token is still valid, send the refreshPublicAccessToken mutation, authenticated with that token, to receive a new one:

curl -X POST https://public-api.pro.scompler.com/graphql \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "mutation($input: RefreshPublicAccessTokenInput!) { refreshPublicAccessToken(input: $input) { data { token expiresAt } errors { message } } }",
    "variables": { "input": { "token": "<your-token>" } }
  }'

Best practices

  • Use environment variables — never hardcode tokens in source code
  • One token per integration — makes it easy to revoke without affecting others
  • Rotate via refresh — schedule a refresh ahead of the 180-day expiry using refreshPublicAccessToken
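
# .env  (never commit this file)
SCOMPLER_API_TOKEN=your-token-here

// Read the token from the environment at request time; it never appears in source.
// The query is the languages example from "Using a token".
const query = 'query { languages(first: 10) { nodes { id name } } }'

const response = await fetch('https://public-api.pro.scompler.com/graphql', {
  method: 'POST',
  headers: {
    Authorization: `Bearer ${process.env.SCOMPLER_API_TOKEN}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ query }),
})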
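
One way to implement the "rotate via refresh" practice, as an added example that is not Scompler's own code: it decides when a token is due for rotation, builds the refreshPublicAccessToken request shown above, and treats both top-level and payload-level errors as failure. The function names, the 14-day lead time, the ISO 8601 format of expiresAt and the assumption that errors is a list are all assumptions, not documented behaviour.

```javascript
// Added example (not Scompler's code). Endpoint and mutation are copied from this page;
// the ISO 8601 format of expiresAt and the 14-day lead time are assumptions.
const ENDPOINT = 'https://public-api.pro.scompler.com/graphql';
const REFRESH_MUTATION =
  'mutation($input: RefreshPublicAccessTokenInput!) { refreshPublicAccessToken(input: $input) ' +
  '{ data { token expiresAt } errors { message } } }';
const DAY_MS = 24 * 60 * 60 * 1000;

// True when the token is still valid but expires within leadDays (time to rotate).
// An expired token returns false: it can no longer refresh itself and needs the dashboard.
function needsRefresh(expiresAt, now = new Date(), leadDays = 14) {
  const expiry = Date.parse(expiresAt);
  if (Number.isNaN(expiry)) throw new Error('expiresAt is not a parseable timestamp');
  const remaining = expiry - now.getTime();
  return remaining > 0 && remaining <= leadDays * DAY_MS;
}

// Builds the fetch options. The token appears only in the header and the variables.
function buildRefreshRequest(token) {
  if (!token) throw new Error('SCOMPLER_API_TOKEN is not set');
  return {
    method: 'POST',
    headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' },
    body: JSON.stringify({ query: REFRESH_MUTATION, variables: { input: { token } } }),
  };
}

// Extracts { token, expiresAt }, or throws on top-level or payload-level errors.
function parseRefreshResponse(json) {
  const payload = json && json.data && json.data.refreshPublicAccessToken;
  const errors = [].concat((json && json.errors) || [], (payload && payload.errors) || []);
  if (errors.length > 0) {
    throw new Error('refresh failed: ' + errors.map((e) => e.message).join('; '));
  }
  const result = payload && payload.data;
  if (!result || !result.token || !result.expiresAt) {
    throw new Error('refresh failed: response carried no new token');
  }
  return { token: result.token, expiresAt: result.expiresAt };
}

// Keep using the old token until this resolves, then write the new one to the secret store.
async function refreshToken(token, fetchImpl = globalThis.fetch) {
  const response = await fetchImpl(ENDPOINT, buildRefreshRequest(token));
  return parseRefreshResponse(await response.json());
}
```

Store the returned expiresAt next to the token so a scheduled job can call needsRefresh without contacting the API, and keep the token value out of job logs.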

Troubleshooting

UNAUTHENTICATED error

  • Check that the Authorization header is formatted as Bearer <token> (with a space)
  • Verify the token has not expired (tokens last 180 days)

FORBIDDEN error

  • The token belongs to a user who does not have permission for the requested operation
  • Log in as a user with the appropriate project role and generate a new token