ASAgentStead Docs
API

Personal Access Tokens

Create and manage Personal Access Tokens (PATs) for programmatic access to the AgentStead API.

Personal Access Tokens let you authenticate API calls from scripts, CI pipelines, or any automation without using your account password or session cookie.

Tokens are displayed once at creation. Copy your token immediately — if you lose it, you'll need to revoke it and create a new one.

Creating a token

Open API settings

Go to Settings → API in the AgentStead dashboard.

Click New Token

Give the token a descriptive name — something that identifies what it's for, like deploy-ci or monitoring-script.

Choose scopes

Select the minimum scopes your use case needs:

ScopeWhat it allows
readList and inspect agents, read logs, check health
deployStart, stop, restart, and deploy agents
fullAll operations including secrets, settings, and backups

You can select multiple scopes. A token with read + deploy but not full cannot access secrets.

Set an expiry (optional)

Leave blank for a non-expiring token, or set a date. Expired tokens are automatically rejected.

Copy the token

The full token is shown exactly once. It looks like:

x3s_abc123defghijklmnopqrstuvwxyz

Copy it now and store it somewhere safe (a password manager, a CI secret, an environment variable).

Using a token

Pass the token in the Authorization header of every request:

List your agents
curl https://api.agentstead.dev/api/agents \
  -H "Authorization: Bearer x3s_your_token_here"
List your agents
const res = await fetch('https://api.agentstead.dev/api/agents', {
  headers: {
    'Authorization': 'Bearer x3s_your_token_here',
  },
});
const { agents } = await res.json();
List your agents
import httpx

headers = {"Authorization": "Bearer x3s_your_token_here"}
r = httpx.get("https://api.agentstead.dev/api/agents", headers=headers)
agents = r.json()["agents"]

Revoking a token

Go to Settings → API, find the token by name or prefix, and click Revoke. The token stops working immediately.

Revoke tokens you no longer use, tokens that may have been exposed, and tokens belonging to pipelines you've decommissioned.

Token lifecycle

Troubleshooting

API Overview

Authenticate and interact with AgentStead programmatically using the REST API and Personal Access Tokens.

API Reference

Complete endpoint reference for the AgentStead REST API — agents, secrets, backups, schedules, and tokens.

On this page

Creating a tokenOpen API settingsClick New TokenChoose scopesSet an expiry (optional)Copy the tokenUsing a tokenRevoking a tokenToken lifecycleTroubleshooting