Skip to main content

Using Function Tokens

Up until now, you used Cape's internal authentication to deploy and run functions. In order to facilitate others (your customers) to run your Cape functions, you can create function tokens.

Tokens can be created statically (long expiration and bundled with your application) or created dynamically (short-lived) and have an owner specified expiration, to support all kinds of use cases.

The function token is signed with private key material generated with the Cape CLI (found at ~/.cape/token.pem) and validated by the Cape runtime, using the associated public key to ensure only the function owner can generate tokens for a respective function.

NOTE: Function Tokens are for access to a single function. If you are trying to create a token for general API access, see Personal Access Tokens.

Creating a function token

After a function has been deployed, you can create a token for it using cape token:

cape token <FUNCTION_ID>

Which produces:

This token will expire in 1h0m0s

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NjMwMjIzOTQsImlhdCI6MTY2MzAxODc5NCwiaXNzIjoiZ2l0aHVifDk1MjM2Mjk1Iiwic2NvcGUiOiJmdW5jdGlvbjppbnZva2UiLCJzdWIiOiJoTW5GZnFCbnB3a0ZrdExhbXJ1RFZmIn0.P3d5U4CBhEYq0zm9a0JJ5QLc_9rPr_Hh1nFAbqHqgCUOYlxvLTJBec3KxvSQ0MG8zLSO3zX1LqWlbWEN63tZbyvSm9Z5S2pSu46Zg6azS_B2GsPV9uxqTTRqEEa-igexBNte4mKkOixo44H5gF-PrbuWIkRy9Q0pF4ozbMwz07cajAYdhG-J5mm8pKpALriXGQJ1kpUTMk9AqKgzuERyAER6CthKeK7AoZVuClGNWSJ-rFuzLysoDrptoBuVwgEi2sq5LlHeHP9mDUu-wCLUG5fily0Jpbf9gzBNs5V-olXyKToipaUQuyq1wqwKrtrYblAqbuYfhM8U0zAm-Na-cA

Note: Your function token will be different.

Or, with an optional expiration (seconds):

cape token <FUNCTION_ID> --expiry 60

Running a function with a function token

You can run a respective function with a function token, using the CLI:

cape run <FUNCTION_ID> --token <TOKEN> ...

Note

We are actively soliciting feedback from our beta. Please use this form to provide feedback.