Skip to main content
API Tokens management Generate workspace tokens for programmatic access, Claude Desktop integration, and CLI authentication.

Token Overview

Workspace tokens provide programmatic access to your NimbleBrain workspace:

CLI Authentication

Use tokens to authenticate the NimbleTools CLI (ntcli)

API Access

Call the NimbleTools API from scripts and applications

CI/CD Pipelines

Automate deployments in GitHub Actions, GitLab CI, etc.

MCP Client

Authenticate MCP server connections in Claude Desktop

Token Information

Each token includes:
  • Token ID: A unique identifier (e.g., abc343a5-604...)
  • Status: Active or Revoked
  • Created Date: When the token was generated
  • Description: Optional label to identify the token’s purpose
Security Note: API tokens provide programmatic access to this workspace. Keep them secure and rotate regularly. Tokens are only shown once upon creation.

Creating Tokens

1

Navigate to API Tokens

Click “API Tokens” in the sidebar under Workspace Settings
2

Click Create Token

Click the blue Create Token button
3

Configure Token

Fill in token details:
  • Name/Description: Optional label to identify the token’s purpose (e.g., “Claude Desktop”, “CI/CD”)
4

Generate & Copy

Click Create and immediately copy the token value
Important: Token values are only shown once! If you lose it, you’ll need to generate a new token.

Using Tokens

With NimbleTools CLI

Set your token as an environment variable: 
# Set token for current session
export NTCLI_TOKEN=your-workspace-token

# Verify authentication
ntcli auth status

# Or use the login command
ntcli auth login --token your-workspace-token
Make it permanent by adding to your shell profile: 
# Add to ~/.bashrc, ~/.zshrc, or ~/.profile
echo 'export NTCLI_TOKEN=your-workspace-token' >> ~/.zshrc
source ~/.zshrc

With Claude Desktop

Tokens are automatically included in generated Claude Desktop configurations: 
{
  "mcpServers": {
    "server-name": {
      "command": "npx",
      "args": ["-y", "@nimbletools/mcp-client", "https://..."],
      "env": {
        "NTCLI_TOKEN": "your-workspace-token"
      }
    }
  }
}

With API Requests

Include tokens in API request headers: 
# Using curl
curl -H "Authorization: Bearer your-workspace-token" \
     https://api.nimbletools.dev/v1/workspaces/{uuid}/servers

# Using httpie
http https://api.nimbletools.dev/v1/workspaces/{uuid}/servers \
     Authorization:"Bearer your-workspace-token"

// Using fetch in JavaScript
const response = await fetch('https://api.nimbletools.dev/v1/workspaces/{uuid}/servers', {
  headers: {
    'Authorization': 'Bearer your-workspace-token'
  }
});

# Using requests in Python
import requests

headers = {'Authorization': 'Bearer your-workspace-token'}
response = requests.get(
    'https://api.nimbletools.dev/v1/workspaces/{uuid}/servers',
    headers=headers
)

Managing Tokens

Viewing Active Tokens

See all tokens for the current workspace:
1

Open Token List

Navigate to Settings → API Tokens
2

Review Tokens

View token list showing:
  • Token name/description
  • Type (Standard, Long-Lived, Read-Only)
  • Created date
  • Expiration date
  • Last used date
Token values are never displayed after creation. You’ll only see token metadata.

Refreshing Tokens

Extend the expiration of Standard tokens:
1

Find Token

Locate the token in the token list
2

Click Refresh

Click the Refresh button (only available for Standard tokens)
3

Confirm Refresh

Confirm to extend expiration by another 30 days
Only Standard tokens can be refreshed. Long-Lived tokens must be regenerated when they expire.

Deleting Tokens

Immediately invalidate a token:
1

Locate Token

Find the token in the API Tokens list
2

Click Delete

Click the Delete Token button (trash icon)
3

Confirm Deletion

Confirm - the token will be immediately invalidated
Deleting a token immediately stops all services using it. Update integrations with a new token first!

Token Security

Best Practices

Add tokens to .gitignore and use environment variables instead:
# .gitignore
.env
.env.local
*_token.txt
Create separate read-only tokens for dashboards and monitoring tools. This limits damage if a token is compromised.
Rotate tokens every 90 days for production workspaces:
  1. Generate new token
  2. Update services to use new token
  3. Verify services work with new token
  4. Revoke old token
Create separate tokens for each CI/CD pipeline or service. This allows selective revocation without affecting other services.
Regularly check “Last Used” dates and revoke unused tokens to reduce attack surface.

Storing Tokens Securely

  • Development
  • CI/CD
  • Production
Use environment variables in .env files (don’t commit them):
# .env
NTCLI_TOKEN=your-token-here

CI/CD Integration

GitHub Actions

name: Deploy MCP Server

on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Install ntcli
        run: npm install -g @nimbletools/ntcli

      - name: Deploy server
        env:
          NTCLI_TOKEN: ${{ secrets.NTCLI_TOKEN }}
        run: |
          ntcli workspace select my-workspace
          ntcli server deploy my-server

GitLab CI

deploy:
  image: node:20
  script:
    - npm install -g @nimbletools/ntcli
    - ntcli workspace select my-workspace
    - ntcli server deploy my-server
  variables:
    NTCLI_TOKEN: $NTCLI_TOKEN
  only:
    - main

CircleCI

version: 2.1

jobs:
  deploy:
    docker:
      - image: cimg/node:20.0
    steps:
      - checkout
      - run: npm install -g @nimbletools/ntcli
      - run: |
          export NTCLI_TOKEN=$NTCLI_TOKEN
          ntcli workspace select my-workspace
          ntcli server deploy my-server

workflows:
  main:
    jobs:
      - deploy:
          filters:
            branches:
              only: main

Token Expiration Handling

Automatic Refresh (CLI)

The CLI can automatically refresh Standard tokens: 
# Enable auto-refresh
ntcli config set auto-refresh-token true

# The CLI will automatically refresh your token before it expires

Manual Refresh

For services that don’t auto-refresh:
1

Monitor Expiration

Set a calendar reminder 7 days before token expiration
2

Generate New Token

Create a new token in Studio
3

Update Services

Update environment variables or CI/CD secrets
4

Verify

Test that services work with new token
5

Revoke Old Token

Revoke the old token after verifying the new one works

Troubleshooting

Causes:
  • Token expired
  • Token was revoked
  • Token is for wrong workspace
Solution:
  • Generate a new token in Studio
  • Update your environment variables
  • Verify you’re using the correct workspace
Causes:
  • Using read-only token for write operation
  • Token doesn’t have required permissions
Solution:
  • Generate a Standard or Long-Lived token (not Read-Only)
  • Verify the token is for the correct workspace
Causes:
  • Token not properly set in config file
  • Claude Desktop not restarted
Solution:
  • Verify NTCLI_TOKEN is in the env section
  • Fully quit and restart Claude Desktop

Workspace Management

Learn about workspace isolation and security

CLI Authentication

Authenticate the NimbleTools CLI

API Architecture

Understand API authentication flows

CI/CD Guide

Automate deployments with CI/CD
I