Appearance
Project Tokens
Project tokens are scoped access tokens that allow external systems to submit data to a specific project. Unlike personal access tokens, a project token carries only narrow, explicitly chosen abilities and is tied to one project — it cannot access any other API endpoints.
Use project tokens to connect CI pipelines, feedback widgets, or monitoring tools that need to submit reports or error events programmatically.
Abilities
When you create a project token, you choose one or more abilities. Each ability adds a scope to the token and unlocks its endpoint:
| Ability | Scope | Allows |
|---|---|---|
| Reports | report:create | POST /api/projects/{projectId}/reports — submit reports |
| Error tracking | error-events:write | POST /api/projects/{projectId}/error-events — ingest error events |
| Project read | project:read | GET /api/projects/{projectId}/read and GET /api/projects/{projectId}/read/issues/{issueKey} — read stable project meta and look up issues by key |
A token can carry any combination of abilities, so one integration that both submits reports and ingests error events needs only a single secret. A token's abilities are fixed at creation — to change them, create a new token with the right abilities and delete the old one. The Error tracking ability also requires the Error Tracking feature to be enabled for your workspace.
Creating a Token
Project tokens are minted in the kendo app, under each project's settings:
- Open the project and go to Settings (
/projects/{projectId}/settings). - Scroll to the API Tokens section.
- Click Create Token, give it a recognizable Name (e.g.
CI/CD Pipeline), and select its Abilities — any combination ofReports,Error tracking, andProject read. - Click Create. The plain-text token is shown only once — copy it immediately into a secure location (CI secrets, environment variables). It cannot be retrieved later.
The token list shows each token's name, abilities, and status; deleting a token there revokes it instantly.
Requires the Project API Tokens feature
The API Tokens section only appears when the Project API Tokens feature is enabled for your workspace. If you don't see it, the feature is off for your plan.
Submitting Reports
Once you have a project token, use it as a Bearer token to submit reports via the Reports API:
bash
curl -X POST https://{tenant}.kendo.dev/api/projects/1/reports \
-H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9..." \
-H "Content-Type: application/json" \
-d '{
"title": "Deployment failed",
"description": "Build #1234 failed with exit code 1. See logs at ...",
"author_name": "CI Pipeline"
}'json
{
"id": 1,
"title": "Deployment failed",
"description": "Build #1234 failed with exit code 1. See logs at ...",
"source": 1,
"author_name": "CI Pipeline",
"project_id": 1,
"created_by": null,
"promoted_issue_id": null,
"promoted_at": null,
"dismissed_at": null,
"order": 0,
"attachments_count": 0,
"created_at": "2026-03-20T10:00:00.000000Z",
"updated_at": "2026-03-20T10:00:00.000000Z"
}Request Fields
| Field | Type | Required | Description |
|---|---|---|---|
title | string | Yes | Report title, max 255 characters |
description | string | Yes | Report description, max 65,535 characters |
author_name | string | No | Name of the external reporter (e.g., service or person) |
files | file[] | No | Up to 5 image attachments (jpg, jpeg, png, gif, webp, bmp, tiff; max 3 MB each) |
Reports created with a project token automatically have source: 1 (Api) and created_by: null, distinguishing them from manually submitted reports.
Restrictions
Project tokens are intentionally limited:
- Only the endpoints their abilities grant — a Reports-only token may call only
POST .../reports; endpoints of abilities the token lacks respond with403 - Only the project they were created for — cross-project requests are rejected
- Only while the token is active — deactivated tokens are rejected
Common Errors
| Status | Cause |
|---|---|
401 | Token is invalid, revoked, or expired |
403 | Token does not have the required ability for this endpoint |
422 | Request validation failed, or the token is not linked to (or is inactive for) this project |
See Also
- Reports API — Full report endpoint documentation
- Error Events API — Ingest application errors via a project token
- Tokens API — Personal access tokens for full API access