Spedy Docs

Authentication

Authenticate API requests using Personal Access Tokens (PATs).

All API requests require authentication via a Personal Access Token (PAT). PATs provide long-lived API access for scripts, CI/CD pipelines, and integrations. They inherit the permissions of the user who created them.

PATs require a Pro plan subscription.

Creating a Token

  1. Open Settings > Account > Access Tokens in the Spedy dashboard.
  2. Click Create Token and give it a descriptive name (e.g. "CI Pipeline" or "Zapier Integration").
  3. Copy the token immediately -- it is only shown once and cannot be retrieved later.

Using a Token

Include the token in the Authorization header of every API request:

curl -H "Authorization: Bearer spedy_pat_abc123def456..." \
  https://acme-corp.spedy.app/api/v1/tickets

The token is scoped to the organization of the user who created it. All requests are executed with that user's permissions.

Token Format and Security

  • Tokens are prefixed with spedy_pat_ for easy identification.
  • Treat tokens like passwords -- never commit them to version control or share them in plain text.
  • Use environment variables or a secrets manager to store tokens in CI/CD pipelines.
  • Revoke tokens you no longer need.

Token Management Endpoints

List Tokens

GET /api/v1/me/tokens

Returns all active tokens for the current user.

Example Response

{
  "tokens": [
    {
      "id": "tok_abc123",
      "name": "CI Pipeline",
      "lastUsedAt": "2025-03-15T10:30:00Z",
      "createdAt": "2025-01-10T08:00:00Z"
    }
  ]
}

Create Token

POST /api/v1/me/tokens

Create a new Personal Access Token. The full token value is only returned once in the response -- store it securely.

Request Body

Field   Type     Required   Description
name    string   Yes        A descriptive name for the token

Example Request

{
  "name": "CI Pipeline"
}

Example Response

{
  "id": "tok_abc123",
  "name": "CI Pipeline",
  "token": "spedy_pat_abc123def456...",
  "createdAt": "2025-03-20T14:00:00Z"
}

Get Token

GET /api/v1/me/tokens/{tokenId}

Retrieve details of a specific token (without the secret value).

Revoke Token

DELETE /api/v1/me/tokens/{tokenId}

Permanently revoke a token. This action cannot be undone. Returns 204 No Content on success.
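
The following is an added example, not Spedy's own code: it applies the "revoke tokens you no longer need" advice by reading the List Tokens response, selecting tokens idle for more than a threshold based on lastUsedAt, and revoking them with the DELETE endpoint. The SPEDY_TOKEN and SPEDY_BASE_URL variable names, the 90-day threshold, the sample entries other than tok_abc123, and the treatment of a null lastUsedAt are assumptions.

```python
import json
import os
import urllib.request
from datetime import datetime, timedelta, timezone

# Assumption: host from the page's curl example; set SPEDY_BASE_URL to your own.
BASE_URL = os.environ.get("SPEDY_BASE_URL", "https://acme-corp.spedy.app")

# Constructed sample in the shape of the documented List Tokens response.
# Only tok_abc123 appears on the page; the other entries are made up.
SAMPLE = {"tokens": [
    {"id": "tok_abc123", "name": "CI Pipeline",
     "lastUsedAt": "2025-03-15T10:30:00Z", "createdAt": "2025-01-10T08:00:00Z"},
    {"id": "tok_old001", "name": "Old Script",
     "lastUsedAt": "2024-11-01T09:00:00Z", "createdAt": "2024-05-02T08:00:00Z"},
    {"id": "tok_never01", "name": "Unused",
     "lastUsedAt": None, "createdAt": "2024-06-01T12:00:00Z"},
]}

def parse_ts(value):
    """Parse the UTC ISO 8601 timestamps used in the example responses."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def stale_tokens(listing, now, max_idle_days=90):
    """Return tokens idle longer than max_idle_days, judged by lastUsedAt.
    Assumption: a never-used token has a null or missing lastUsedAt, so its
    age since createdAt is used instead."""
    cutoff = now - timedelta(days=max_idle_days)
    return [t for t in listing.get("tokens", [])
            if parse_ts(t.get("lastUsedAt") or t["createdAt"]) < cutoff]

def api(method, path):
    """Send one request; the PAT comes from the environment, not the source."""
    headers = {"Authorization": "Bearer " + os.environ["SPEDY_TOKEN"]}
    req = urllib.request.Request(BASE_URL + path, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = resp.read()
        return resp.status, (json.loads(body) if body else None)

def revoke_stale(max_idle_days=90, dry_run=True):
    """List tokens, then DELETE each stale one (only reported when dry_run)."""
    _, listing = api("GET", "/api/v1/me/tokens")
    stale = stale_tokens(listing, datetime.now(timezone.utc), max_idle_days)
    for tok in stale:
        print("would revoke" if dry_run else "revoking", tok["id"], tok["name"])
        if not dry_run:
            status, _ = api("DELETE", "/api/v1/me/tokens/" + tok["id"])
            if status != 204:  # the page documents 204 No Content on success
                raise RuntimeError(f"unexpected status {status} for {tok['id']}")
    return [tok["id"] for tok in stale]
```

Run revoke_stale() first with its default dry_run=True and review the printed list, since revocation cannot be undone.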


OAuth 2.0

For external applications such as AI tools, IDE extensions, and MCP-capable clients, Spedy also supports OAuth 2.0 with PKCE. OAuth is available on all plans (including Starter and Trial) and is the recommended authentication method for third-party integrations.

See the OAuth 2.0 page for the full reference.