API Tokens REST API

List all API tokens for a user. Only the authenticated user themselves and server admins have access to this endpoint. By default, the tokens are sorted in alphabetical order by name. The HTTP response header `X-Total-Count` contains the total number of tokens.

Headers

---

Set to application/json.

---

Set to Bearer BENCHER_API_KEY, where BENCHER_API_KEY is a valid Bencher API key (or a deprecated API token).

Path Parameters

---

The slug or UUID for a user.

Query Parameters

---

The direction to sort by. If not specified, the default sort direction is used.

Default: asc

One of: asc, desc

---

The page number to return. If not specified, the first page is returned.

Default: 1

---

The number of items to return per page. If not specified, the default number of items per page (8) is used.

Default: 8

---

The field to sort by. If not specified, the default sort field is used.

Default: name

One of: name

---

Filter by token name, exact match.

---

If set to `true`, only returns revoked tokens. If not set or set to `false`, only returns non-revoked tokens.

---

Search by token name, slug, or UUID.

Bencher Cloud	https://api.bencher.dev
Bencher Self-Hosted	http://localhost:61016

View OpenAPI Spec

DEPRECATED: User API tokens have been deprecated in favor of user API keys, so this endpoint always fails with a `403 Forbidden` error. Create a user API key instead: <https://bencher.dev/docs/explanation/bencher-run/#--key-key> Existing API tokens continue to work and can still be viewed, updated, and revoked.

Headers

---

Set to application/json.

---

Set to Bearer BENCHER_API_KEY, where BENCHER_API_KEY is a valid Bencher API key (or a deprecated API token).

Path Parameters

---

The slug or UUID for a user.

Body Parameters

---

The name of the token. Maximum length is 64 characters.

---

The time-to-live (TTL) for the token in seconds. If not provided, the token will not expire for over 128 years.

Bencher Cloud	https://api.bencher.dev
Bencher Self-Hosted	http://localhost:61016

View OpenAPI Spec

View an API token for a user. Only the authenticated user themselves and server admins have access to this endpoint.

Headers

---

Set to application/json.

---

Set to Bearer BENCHER_API_KEY, where BENCHER_API_KEY is a valid Bencher API key (or a deprecated API token).

Path Parameters

---

The UUID for a token.

---

The slug or UUID for a user.

Bencher Cloud	https://api.bencher.dev
Bencher Self-Hosted	http://localhost:61016

View OpenAPI Spec

Update an API token for a user. Only the authenticated user themselves and server admins have access to this endpoint.

Headers

---

Set to application/json.

---

Set to Bearer BENCHER_API_KEY, where BENCHER_API_KEY is a valid Bencher API key (or a deprecated API token).

Path Parameters

---

The UUID for a token.

---

The slug or UUID for a user.

Body Parameters

---

The new name of the token. Maximum length is 64 characters.

Bencher Cloud	https://api.bencher.dev
Bencher Self-Hosted	http://localhost:61016

View OpenAPI Spec

Revoke an API token for a user. Revocation is terminal: a revoked token can no longer authenticate any request, and the revocation cannot be undone (for security — a leaked JWT must not become valid again). Only the authenticated user themselves and server admins have access to this endpoint.

Headers

---

Set to application/json.

---

Set to Bearer BENCHER_API_KEY, where BENCHER_API_KEY is a valid Bencher API key (or a deprecated API token).

Path Parameters

---

The UUID for a token.

---

The slug or UUID for a user.

Bencher Cloud	https://api.bencher.dev
Bencher Self-Hosted	http://localhost:61016

View OpenAPI Spec