Access Token API

Base URL: https://access-token.sls.epilot.io
API Docs: https://docs.epilot.io/api/access-token

Generate Access Tokens for 3rd party applications that need access to epilot APIs.

Quick Start

# List available operations
epilot access-token

# Call an operation
epilot access-token listAccessTokens

Common Flags

Flag	Description
`-p key=value`	Set a named parameter
`-d '{...}'`	Request body JSON
`-H 'Key: Value'`	Custom header
`-t, --token <token>`	Bearer token for authentication
`--profile <name>`	Use a named profile
`-s, --server <url>`	Override server base URL
`-i, --include`	Include response headers in output
`--json`	Output raw JSON (no formatting)
`-v, --verbose`	Verbose output (show request details)
`--jsonata <expr>`	JSONata expression to transform response
`--definition <file>`	Override OpenAPI spec file/URL
`--guided`	Prompt for all parameters interactively
`--no-interactive`	Disable interactive prompts

Operations

Access Tokens

listAccessTokens — Lists all Access Tokens for current user (by default excludes system generated tokens)
createAccessToken — Access Token type: API (default if not specified):
revokeAccessToken — Revokes an Access Token so it can't be used anymore.

Public

getAccessTokenJwks — Get jwks public key set to verify access tokens generated by this API
getAccessTokenOIDC — OpenID Connect configuration for Access Token API as identity provider
getPublicTokenJwks — Get jwks public key set to verify public tokens generated by this API
getPublicTokenOIDC — OpenID Connect configuration for Access Token API a a public identity provider

`listAccessTokens`

Lists all Access Tokens for current user (by default excludes system generated tokens)

GET /v1/access-tokens

Parameters

Name	In	Type	Required	Description
`token_type`	query	"api" \| "journey" \| "portal" \| "assume" \| "app"[]	No	Filter by token types

Sample Call

epilot access-token listAccessTokens

With JSONata filter:

epilot access-token listAccessTokens --jsonata '$'

Sample Response

[
  {
    "id": "api_5ZugdRXasLfWBypHi93Fk",
    "created_at": "1970-01-01T00:00:00.000Z",
    "name": "Postman Access Token",
    "token_type": "api",
    "journey_id": "string",
    "portal_id": "string",
    "assignments": ["123:owner"],
    "last_used": "2026-02-24"
  }
]

`createAccessToken`

Access Token type: API (default if not specified):

POST /v1/access-tokens

Request Body

Sample Call

epilot access-token createAccessToken \
  -d '{"name":"Postman Access Token","token_type":"api","assignments":["123:owner"],"expires_in":3600}'

Using stdin pipe:

cat body.json | epilot access-token createAccessToken

With JSONata filter:

epilot access-token createAccessToken --jsonata '$'

Sample Response

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp...",
  "id": "api_5ZugdRXasLfWBypHi93Fk",
  "created_at": "1970-01-01T00:00:00.000Z",
  "name": "Postman Access Token",
  "token_type": "api",
  "journey_id": "string",
  "portal_id": "string",
  "assignments": ["123:owner"],
  "last_used": "2026-02-24"
}

`revokeAccessToken`

Revokes an Access Token so it can't be used anymore.

DELETE /v1/access-tokens/{id}

Parameters

Name	In	Type	Required	Description
`id`	path	string	Yes

Sample Call

epilot access-token revokeAccessToken \
  -p id=api_5ZugdRXasLfWBypHi93Fk

Using positional args for path parameters:

epilot access-token revokeAccessToken api_5ZugdRXasLfWBypHi93Fk

With JSONata filter:

epilot access-token revokeAccessToken -p id=api_5ZugdRXasLfWBypHi93Fk --jsonata 'id'

Sample Response

{
  "id": "api_5ZugdRXasLfWBypHi93Fk",
  "created_at": "1970-01-01T00:00:00.000Z",
  "name": "Postman Access Token",
  "token_type": "api",
  "journey_id": "string",
  "portal_id": "string",
  "assignments": ["123:owner"],
  "last_used": "2026-02-24"
}

`getAccessTokenJwks`

Get jwks public key set to verify access tokens generated by this API

GET /v1/access-tokens/.well-known/jwks.json

Sample Call

epilot access-token getAccessTokenJwks

With JSONata filter:

epilot access-token getAccessTokenJwks --jsonata 'keys'

Sample Response

{
  "keys": [
    {
      "alg": "RS256",
      "e": "AQAB",
      "kid": "tXWU5mPMbRPczpbQwi6vbhLF4GgF3wlMDSyqo7pfeiw=",
      "kty": "RSA",
      "n": "h_QDoCjZ8W_trtYXaP7_S22wf5r5Wd9XBLED78oT44bJjQXn8ddcFV8Hik65_4IYXVX_hTTU4zpxe3H8vx2j7-Zz3O59mYMp5S0MzODNEdf5Y_2o19eis0brmAJniixsNlQ9LlYkdrVamrgaxHu3ZpP_99zkfFybYeuYoQNzb3PyrT8xVnz_USs_nlFMHpGUxvvz7gfKPqxcLvgLJr4cwI9yzaSY9CD4qW181QVcnL_WzpQ8xx6AuhhHZQ1l_3GG4InTk8ahE7U2ZHVu8RrX6d01pMgc3piEcet9RgFLnhbTg3YIiKGoAbN42wJn_x3lgIAC42T9mbmTsHyUdS6nUQ",
      "use": "sig"
    }
  ]
}

`getAccessTokenOIDC`

OpenID Connect configuration for Access Token API as identity provider

GET /v1/access-tokens/.well-known/openid-configuration

Sample Call

epilot access-token getAccessTokenOIDC

With JSONata filter:

epilot access-token getAccessTokenOIDC --jsonata 'issuer'

Sample Response

{
  "issuer": "https://access-token.sls.epilot.io/v1/access-tokens",
  "jwks_uri": "https://access-token.sls.epilot.io/v1/access-tokens/.well-known/jwks.json"
}

`getPublicTokenJwks`

Get jwks public key set to verify public tokens generated by this API

GET /v1/access-tokens/public/.well-known/jwks.json

Sample Call

epilot access-token getPublicTokenJwks

With JSONata filter:

epilot access-token getPublicTokenJwks --jsonata 'keys'

Sample Response

{
  "keys": [
    {
      "alg": "RS256",
      "e": "AQAB",
      "kid": "tXWU5mPMbRPczpbQwi6vbhLF4GgF3wlMDSyqo7pfeiw=",
      "kty": "RSA",
      "n": "h_QDoCjZ8W_trtYXaP7_S22wf5r5Wd9XBLED78oT44bJjQXn8ddcFV8Hik65_4IYXVX_hTTU4zpxe3H8vx2j7-Zz3O59mYMp5S0MzODNEdf5Y_2o19eis0brmAJniixsNlQ9LlYkdrVamrgaxHu3ZpP_99zkfFybYeuYoQNzb3PyrT8xVnz_USs_nlFMHpGUxvvz7gfKPqxcLvgLJr4cwI9yzaSY9CD4qW181QVcnL_WzpQ8xx6AuhhHZQ1l_3GG4InTk8ahE7U2ZHVu8RrX6d01pMgc3piEcet9RgFLnhbTg3YIiKGoAbN42wJn_x3lgIAC42T9mbmTsHyUdS6nUQ",
      "use": "sig"
    }
  ]
}

`getPublicTokenOIDC`

OpenID Connect configuration for Access Token API a a public identity provider

GET /v1/access-tokens/public/.well-known/openid-configuration

Sample Call

epilot access-token getPublicTokenOIDC

With JSONata filter:

epilot access-token getPublicTokenOIDC --jsonata 'issuer'

Sample Response

{
  "issuer": "https://access-token.sls.epilot.io/v1/access-tokens",
  "jwks_uri": "https://access-token.sls.epilot.io/v1/access-tokens/.well-known/jwks.json"
}

Access Token API

Quick Start​

Common Flags​

Operations​

listAccessTokens​

createAccessToken​

revokeAccessToken​

getAccessTokenJwks​

getAccessTokenOIDC​

getPublicTokenJwks​

getPublicTokenOIDC​

Quick Start

Common Flags

Operations

`listAccessTokens`

`createAccessToken`

`revokeAccessToken`

`getAccessTokenJwks`

`getAccessTokenOIDC`

`getPublicTokenJwks`

`getPublicTokenOIDC`