On this page

Account tokens

Markdown

Create and manage account tokens for authenticating with the Glossia API.

Account tokens provide a simple way to authenticate API requests without going through the full OAuth flow. They are ideal for scripts, CI/CD pipelines, and personal automation.

Creating a token

  1. Sign in to Glossia and navigate to your account dashboard.
  2. Open the API section from the sidebar.
  3. Click Account tokens, then New token.
  4. Give the token a descriptive name (for example, "CI deploy" or "CLI access").
  5. Choose the scopes that the token needs. Only grant the minimum permissions required.
  6. Set an expiration date or leave it blank for a token that never expires.
  7. Click Create token.

After creation, the full token value is displayed once. Copy it immediately and store it securely. You will not be able to see the full value again.

Using a token

Include the token in the Authorization header of your HTTP requests:

Authorization: Bearer glsa_abc123def456...

For example, using curl:

curl -H "Authorization: Bearer glsa_abc123def456..." \
  https://glossia.ai/api/projects

Account tokens follow the same authorization model as OAuth tokens. The token's scopes define the maximum set of actions it can perform, and resource-level policies still apply based on your account's relationships.

Token format

All account tokens begin with the glsa_ prefix followed by a random hex string. This prefix makes it easy to identify Glossia tokens in logs and secret scanners.

Scopes

Account tokens support the same scopes as OAuth tokens. See the scopes reference for the full list.

When creating a token, select only the scopes your use case requires. For example:

  • A read-only integration needs project:read and voice:read.
  • A CI pipeline that creates projects needs project:read and project:write.
  • A script that manages organization members needs members:read and members:write.

Managing tokens

Viewing tokens

The Account tokens page lists all active tokens with their name, scopes, last-used date, and expiration. Tokens that have never been used show "Never" in the last-used column.

Editing tokens

Click a token's name to edit its name and description. Scopes and expiration cannot be changed after creation. If you need different scopes, create a new token and revoke the old one.

Revoking tokens

To revoke a token, click Revoke on the token list or open the token's edit page and use the Revoke token button in the danger zone. Revoked tokens stop working immediately and cannot be restored.

Security best practices

  • Store tokens securely. Use environment variables or a secrets manager. Never commit tokens to source control.
  • Use short-lived tokens. Set an expiration date whenever possible.
  • Minimize scopes. Grant only the permissions the token actually needs.
  • Rotate regularly. Create new tokens and revoke old ones on a schedule.
  • Monitor usage. Check the "last used" date periodically. Revoke tokens that are no longer in use.
  • Use one token per integration. This way, revoking one token does not break other workflows.

API management

You can also manage account tokens through the REST API and MCP server.

REST API

Method Endpoint Description
GET /api/tokens List active tokens
POST /api/tokens Create a new token
DELETE /api/tokens/:id Revoke a token

MCP

The MCP server exposes list_tokens, create_token, and revoke_token tools that mirror the REST API.