PlayableLabs Docs
Settings

API Tokens

Create and manage scoped API tokens for programmatic access to PlayableLabs

Overview

API tokens provide programmatic access to the PlayableLabs API. Each token is scoped to a specific organization and can be restricted to specific permissions.

Creating a Token

  1. Go to Developers > Tokens in the header navigation
  2. Click Create Token
  3. Configure the token:
    • Name — Descriptive name (e.g., "CI/CD Pipeline" or "Export Automation")
    • Organization — Select which organization this token applies to (if you belong to multiple)
    • Expiration — Choose token lifetime:
      • 30d — 30 days
      • 90d — 90 days
      • 1y — 1 year
      • never — No expiration
    • Permissions — Select scopes using the permission grid
  4. Click Create

The full token value is shown only once after creation. Copy and store it securely -- you cannot retrieve it later.

Permission Scopes

Tokens use a fine-grained permission grid. The system currently enforces these scopes:

ScopeStatusDescription
games:readSoonList and view games, versions, variants
games:writeSoonCreate, update, and delete games
games:deleteSoonDelete games
versions:readSoonView game versions
versions:write✅ EnforcedCreate and update versions
assets:readSoonList and download assets
assets:write✅ EnforcedUpload and manage assets
exports:readSoonView export history and status
exports:createSoonCreate new exports

Note: Scopes marked "Soon" are displayed in the UI but not yet enforced by the API. Currently, only versions:write and assets:write have backend validation.

Scope Recommendations

  • Version management: versions:write
  • Asset automation: assets:write
  • Full access: Select all scopes for maximum flexibility

Managing Tokens

Viewing Tokens

The token list shows all active tokens for your organization:

  • Name and creation date
  • Last used timestamp
  • Scopes assigned to the token
  • Token prefix (first 8 characters) for identification

Revoking a Token

  1. Find the token in the list
  2. Click the Delete button
  3. Confirm the revocation

Revoked tokens stop working immediately. Any API requests using the token will return 401 Unauthorized.

Security Best Practices

  • Least privilege -- Grant only the scopes your integration needs
  • Rotate regularly -- Replace tokens every 90 days
  • Use descriptive names -- Include the purpose and owner in the token name
  • Never commit tokens -- Keep tokens out of source code and version control
  • Monitor usage -- Check the "last used" timestamp to identify stale tokens
  • One token per integration -- Use separate tokens for different services

If you suspect a token has been compromised, revoke it immediately from the API Tokens page and create a new one.

Using Tokens in API Requests

Pass the token in the Authorization header:

curl -H "Authorization: Bearer YOUR_TOKEN" \
  https://api.playablelabs.studio/api/games

See the Authentication guide for detailed examples.

Next Steps

Integrations

Connect PlayableLabs with ClickUp, webhooks, and other external tools for streamlined workflows

API Overview

REST API basics, base URL, request format, rate limiting, pagination, and error codes for PlayableLabs

On this page

OverviewCreating a TokenPermission ScopesScope RecommendationsManaging TokensViewing TokensRevoking a TokenSecurity Best PracticesUsing Tokens in API RequestsNext Steps