Skip to main content

Personal Access Tokens

Personal access tokens are the recommended way to authenticate with Cape when using one of the Cape SDKS or the CLI. Personal access tokens are used to identify you (the token creator) when making a request to the Cape API.

Creating a Personal Access Token

You can create personal access tokens with the Cape CLI. Tokens can be created using cape token create.

cape token create --name my-token --description 'for use in the javascript sdk'
Success! Your token: <token string>

When creating tokens, you must specify a name with --name (or -n for short). It is also recommended that you specify a description with --description (or -d for short) so you know what each token is used for.

Token Format

The token returned from the cape token create command is a JSON Web Token (JWT) which has the following format

{
  "aud": ["cape-api"],
  "iat": 1673366154,
  "iss": "https://capeprivacy.com",
  "jti": "jyjS3x9S9TgNEVaVaR2P2P",
  "nbf": 1673366154,
  "sub": "<user id>"
}

Viewing Your Tokens

Each token that you create can be viewed with cape token list.

NOTE: The JWT will not be returned when fetching tokens after creating them. The JWT string itself is not stored by Cape Privacy and thus cannot be recovered after it is created.

┌────────────────────────┬──────────┬───────────────────────────────┬───────────────────┐
│ ID                     │ NAME     │ DESCRIPTION                   │ CREATED AT        │
├────────────────────────┼──────────┼───────────────────────────────┼───────────────────┤
│ jyjS3x9S9TgNEVaVaR2P2P │ my-token │ for use in the javascript sdk │ Jan 10 2023 11:55 │
└────────────────────────┴──────────┴───────────────────────────────┴───────────────────┘

Deleting a Token

You can delete tokens with cape token delete <token id>

cape token delete jyjS3x9S9TgNEVaVaR2P2P
Deleted token jyjS3x9S9TgNEVaVaR2P2P

Once a token is deleted, the JWT that was issued when cape token create was called can no longer be used to access the Cape API. This effectively revokes the token.

Using Personal Access Tokens

You can use personal access tokens with the Cape CLI and JavaScript SDK, as well as PyCape v3.0 and higher.

CLI

On the CLI, personal access tokens can be used by passing your token to each command with the --token flag.

cape run <function id> --token <jwt>

Cape JS

In Cape JS, you pass your JWT as the accessToken parameter when you instantiate your Cape instance

const authToken = "<your jwt from the cape token create command>";
const client = new Cape({ authToken });
const result = await client.run({ functionID, data });