API Tokens

Personal API tokens authenticate your requests to the Scompler API. Each token carries the permissions of the user who generated it.

Generating a token

Open your project in Scompler
Go to Project Settings → Developers → API Tokens
Click Generate Token
Copy the token immediately — it will not be shown again

warning

Treat your token like a password. Never commit it to version control or share it publicly.

Token lifetime

Tokens are valid for 180 days from the date of generation. After expiry you must generate a new token.

Using a token

Include the token in the Authorization header of every request:

curl -X POST https://public-api.pro.scompler.com/graphql \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{"query": "query { languages(first: 10) { nodes { id name } } }"}'

Best practices

Use environment variables — never hardcode tokens in source code
One token per integration — makes it easy to revoke without affecting others
Rotate before expiry — set a calendar reminder before the 180-day mark

# .env  (never commit this file)
SCOMPLER_API_TOKEN=your-token-here

const response = await fetch('https://public-api.pro.scompler.com/graphql', {
  method: 'POST',
  headers: {
    Authorization: `Bearer ${process.env.SCOMPLER_API_TOKEN}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ query }),
})

Troubleshooting

`UNAUTHENTICATED` error

Check that the Authorization header is formatted as Bearer <token> (with a space)
Verify the token has not expired (tokens last 180 days)

`FORBIDDEN` error

The token belongs to a user who does not have permission for the requested operation
Log in as a user with the appropriate project role and generate a new token

Generating a token​

Token lifetime​

Using a token​

Best practices​

Troubleshooting​

UNAUTHENTICATED error​

FORBIDDEN error​