Skip to content
Prodgy - An AI Agent platform made for Product Ops Prodgy Wiki

API Tokens

Guide

What are API Tokens?

Section titled “What are API Tokens?”

API tokens are authentication credentials that allow external systems to access product resources via API. Each token is linked to a specific product and can be configured with an expiration date.

Accessing Token Management

Section titled “Accessing Token Management”

To manage a workspace’s API tokens:

  1. Go to the workspace configuration page (gear button in the navbar)
  2. Click the API Tokens tab

Creating a Token

Section titled “Creating a Token”

To create a new API token:

  1. Click Create Token
  2. Fill in the fields:
FieldRequiredDescription
Token nameYesCustom identifier for the token
ExpirationNoExpiration date and time (optional)
  1. Click Create
  2. The full token will be displayed in the dialog

Viewing Tokens

Section titled “Viewing Tokens”

Each token is displayed as a card with the following information:

InformationDescription
NameToken identifier
PrefixFirst 8 characters of the token (e.g., prod_abc...)
Created atCreation date and time
ExpirationExpiration date and time, or “Never” if not set
UsageNumber of API calls made with the token
StatusActive or Inactive

Available Actions

Section titled “Available Actions”

Each token has the following actions:

ActionDescription
CopyCopies the token prefix to the clipboard
RegenerateGenerates a new token, invalidating the previous one
Activate/DeactivateToggles the token status between active and inactive
RevokePermanently deactivates the token

Token Status

Section titled “Token Status”
StatusDescription
ActiveFunctional token, can be used for API calls
InactiveDeactivated token, does not accept API calls
ExpiredToken past expiration date (automatically inactive)
RevokedToken was explicitly revoked by the user

Available APIs

Section titled “Available APIs”

With a valid API token, you can access the following resources:

ResourceEndpointOperations
Agents/api/agent-baseList, install, update, delete
Agent Executions/api/agent-base/{id}/executionsList
Webhooks/api/webhook/*Send events
Integrations/api/integrations-baseList, create, update, delete
Knowledge Base/api/knowledge-baseList, search
Triggers/api/agent-base/triggersList, execute, details
Assistant Chat/api/assistant/chatChat (SSE), history
Storage/api/knowledge-base/storageUpload, download, delete, list

Security Best Practices

Section titled “Security Best Practices”
  • Never share tokens in public repositories or source code
  • Use descriptive names to easily identify the purpose of each token
  • Configure expiration dates whenever possible
  • Revoke tokens that are no longer in use
  • Use one token per application for easier tracking and revocation