post_api_runners_id_rotate_token
const url = 'https://example.com/api/runners/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/rotate-token';const options = { method: 'POST', headers: {'Content-Type': 'application/json'}, body: '{"token_ttl_secs":1}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://example.com/api/runners/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/rotate-token \ --header 'Content-Type: application/json' \ --data '{ "token_ttl_secs": 1 }'Parameters
Section titled “Parameters”Path Parameters
Section titled “Path Parameters”Runner ID
Request Bodyrequired
Section titled “Request Bodyrequired”POST /api/runners/{id}/rotate-token — rotate a runner’s bearer token
(ADR 0021, R7). System-admin auth, like GET /api/runners. Mints a fresh
scrn_ token, stores its hash in place of the old one and returns the
runner plus the new plaintext token, shown exactly once — the same one-time
treatment as registration. The previous token is invalidated immediately:
the next authenticate_runner with it fails. An unknown id maps to
NotFound.
Body of a token rotation. The optional TTL is ADR 0046 Phase 5: rotation is the
static-token renewal path, so an operator can (re)set the new token’s expiry.
Absent ⇒ the rotated token never expires (byte-identical default).
object
ADR 0046 Phase 5 — optional static-token TTL (seconds) for the new token.
Examplegenerated
{ "token_ttl_secs": 1}Responses
Section titled “Responses”Rotated; new plaintext token returned once
The result of registering a runner: the runner row plus the plaintext bearer token, which is returned once and never retrievable again.
object
Free-form advertised capabilities (images/labels/max_parallel/weight/…).
Typed as an open string-keyed map in the spec (not Object, which strips
every key) so the FE binds the advertised capability map it reads (#541).
object
ADR 0046 RUNG 2 — graceful drain: active | cordoned | draining.
cordoned/draining runners receive no new work but keep heartbeating
and finish in-flight assignments. Always populated from the row (this type
is serialize-only), so no serde default is needed.
Examplegenerated
{ "capabilities": { "additionalProperty": "example" }, "created_at": "2026-04-15T12:00:00Z", "drain_state": "example", "id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "last_heartbeat_at": "2026-04-15T12:00:00Z", "name": "example", "registered_at": "2026-04-15T12:00:00Z", "status": "example", "token": "example"}Authentication required
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}Permission denied
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}Unknown runner
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}Structured server error
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}