Skip to content

Project Tokens

Project tokens are scoped access tokens that allow external systems to submit data to a specific project. Unlike personal access tokens, a project token carries only narrow, explicitly chosen abilities and is tied to one project — it cannot access any other API endpoints.

Use project tokens to connect CI pipelines, feedback widgets, or monitoring tools that need to submit reports or error events programmatically.

Abilities

When you create a project token, you choose one or more abilities. Each ability adds a scope to the token and unlocks its endpoint:

AbilityScopeAllows
Reportsreport:createPOST /api/projects/{projectId}/reports — submit reports
Error trackingerror-events:writePOST /api/projects/{projectId}/error-events — ingest error events
Project readproject:readGET /api/projects/{projectId}/read and GET /api/projects/{projectId}/read/issues/{issueKey} — read stable project meta and look up issues by key

A token can carry any combination of abilities, so one integration that both submits reports and ingests error events needs only a single secret. A token's abilities are fixed at creation — to change them, create a new token with the right abilities and delete the old one. The Error tracking ability also requires the Error Tracking feature to be enabled for your workspace.

Creating a Token

Project tokens are minted in the kendo app, under each project's settings:

  1. Open the project and go to Settings (/projects/{projectId}/settings).
  2. Scroll to the API Tokens section.
  3. Click Create Token, give it a recognizable Name (e.g. CI/CD Pipeline), and select its Abilities — any combination of Reports, Error tracking, and Project read.
  4. Click Create. The plain-text token is shown only once — copy it immediately into a secure location (CI secrets, environment variables). It cannot be retrieved later.

The token list shows each token's name, abilities, and status; deleting a token there revokes it instantly.

Requires the Project API Tokens feature

The API Tokens section only appears when the Project API Tokens feature is enabled for your workspace. If you don't see it, the feature is off for your plan.

Submitting Reports

Once you have a project token, use it as a Bearer token to submit reports via the Reports API:

bash
curl -X POST https://{tenant}.kendo.dev/api/projects/1/reports \
  -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9..." \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Deployment failed",
    "description": "Build #1234 failed with exit code 1. See logs at ...",
    "author_name": "CI Pipeline"
  }'
json
{
  "id": 1,
  "title": "Deployment failed",
  "description": "Build #1234 failed with exit code 1. See logs at ...",
  "source": 1,
  "author_name": "CI Pipeline",
  "project_id": 1,
  "created_by": null,
  "promoted_issue_id": null,
  "promoted_at": null,
  "dismissed_at": null,
  "order": 0,
  "attachments_count": 0,
  "created_at": "2026-03-20T10:00:00.000000Z",
  "updated_at": "2026-03-20T10:00:00.000000Z"
}

Request Fields

FieldTypeRequiredDescription
titlestringYesReport title, max 255 characters
descriptionstringYesReport description, max 65,535 characters
author_namestringNoName of the external reporter (e.g., service or person)
filesfile[]NoUp to 5 image attachments (jpg, jpeg, png, gif, webp, bmp, tiff; max 3 MB each)

Reports created with a project token automatically have source: 1 (Api) and created_by: null, distinguishing them from manually submitted reports.

Restrictions

Project tokens are intentionally limited:

  • Only the endpoints their abilities grant — a Reports-only token may call only POST .../reports; endpoints of abilities the token lacks respond with 403
  • Only the project they were created for — cross-project requests are rejected
  • Only while the token is active — deactivated tokens are rejected

Common Errors

StatusCause
401Token is invalid, revoked, or expired
403Token does not have the required ability for this endpoint
422Request validation failed, or the token is not linked to (or is inactive for) this project

See Also