App API token for SERVER-SIDE callbacks (supacloud#410 / ADR 0041). Owner-only (workspace admin). Returns the plaintext **once** (`{ "token": "scwa_…" }`); only its hash is stored. Intended for server-side use by the App owner — it must NOT be embedded in the public App frontend (it would then be public).
POST
/api/apps/{id}/deployment/token
const url = 'https://example.com/api/apps/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/deployment/token';const options = {method: 'POST'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://example.com/api/apps/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/deployment/tokenParameters
Section titled “Parameters”Path Parameters
Section titled “Path Parameters”id
required
string format: uuid
Responses
Section titled “Responses”Media typeapplication/json
POST /api/apps/{id}/deployment/token – mint (rotate) the per-deployment
POST /apps/{id}/deployment/token response — the plaintext token, returned once.
object
token
required
The scwa_… plaintext App API token (shown exactly once).
string
Examplegenerated
{ "token": "example"}