Create & Revoke Auth Tokens

Authentication tokens are required for programmatic access to Stairwell, including the API, CLI, and File Forwarder. Tokens are managed by Admin users from the Settings page.

Create an Authentication Token

  1. Go to https://app.stairwell.com and log in.
  2. Click the Settings icon in the left menu.
  3. Select the Auth tokens tab under the Organization section.
  4. Click Generate Token.
  5. Select the token type from the dropdown:
    • API/CLI token -- used for API requests and the Stairwell CLI.
    • File Forwarder token -- used to authenticate File Forwarder deployments.
  6. Enter a descriptive name for the token.
  7. Click Generate.
  8. Copy the token value immediately and store it securely. The token will not be displayed again.

Tip: Give tokens meaningful names that indicate their purpose (e.g., "Tines-integration-prod" or "forwarder-dc-east"). This makes it easier to audit and revoke tokens later.

Revoke an Authentication Token

Revoking a token is permanent and cannot be undone. Any scripts, automations, or integrations that depend on the token will stop working immediately.

  1. Go to https://app.stairwell.com and log in.
  2. Click the Settings icon in the left menu.
  3. Select the Auth tokens tab under the Organization section.
  4. Locate the token by name or use the filter to search.
  5. Click the ... icon under Actions next to the token.
  6. Select Revoke and confirm.

Note: File Forwarder tokens have an associated Forwarder Service Account user under the Users tab. Revoking the token does not disable the service account. If you want to fully clean up access, disable the Forwarder Service Account as well. See User Roles & Types for details.

Token Scope and Access

  • API/CLI tokens grant access to the Stairwell API and CLI for the organization the token was created in. They inherit the permissions of the user who generated them.
  • File Forwarder tokens are scoped to file ingestion and are linked to a dedicated Forwarder Service Account rather than the creating user's account.
  • Tokens do not expire automatically. Review and revoke unused tokens regularly to maintain a strong security posture.
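
The periodic review described above can be run against an inventory you keep yourself. This is an added example, not Stairwell code: the record fields, the 90-day threshold and the name check are assumptions, and the sample records are constructed. It flags active tokens overdue for review, revoked File Forwarder tokens whose Forwarder Service Account is still enabled, and names that do not indicate a purpose.

```python
from datetime import date

# Constructed sample inventory; the field names are hypothetical and
# maintained by hand, not a Stairwell export format.
TOKENS = [
    {"name": "Tines-integration-prod", "type": "api_cli",
     "last_reviewed": "2024-05-01", "revoked": False},
    {"name": "forwarder-dc-east", "type": "file_forwarder",
     "last_reviewed": "2023-03-02", "revoked": True,
     "service_account_enabled": True},
    {"name": "test", "type": "api_cli",
     "last_reviewed": "2022-11-20", "revoked": False},
]

def audit(tokens, today, max_review_age_days=90):
    """Return (token name, finding) pairs for the review items the page calls out."""
    findings = []
    for t in tokens:
        if t["revoked"]:
            # Revoking a File Forwarder token does not disable its service account.
            if t["type"] == "file_forwarder" and t.get("service_account_enabled"):
                findings.append(
                    (t["name"], "revoked, but Forwarder Service Account still enabled"))
            continue
        # Tokens never expire on their own, so active ones need periodic review.
        age = (today - date.fromisoformat(t["last_reviewed"])).days
        if age > max_review_age_days:
            findings.append((t["name"], f"active, not reviewed for {age} days"))
        # A one-word name gives no hint of purpose or environment at audit time.
        if len([part for part in t["name"].split("-") if part]) < 2:
            findings.append((t["name"], "name does not indicate purpose"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(TOKENS, date(2024, 6, 1)):
        print(f"{name}: {finding}")
```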