Token Management

Create, list, and revoke SkillReg API tokens for programmatic access. Manage CI/CD integrations and automated skill publishing workflows.

Overview

API tokens let you access the SkillReg registry programmatically — from CI/CD pipelines, automation scripts, or any environment where browser login isn't practical. Each token is scoped to an organization and carries one or more permission scopes: read, write, or admin.

Create a Token

skillreg token create

Create a new API token for programmatic access.

Flag	Description	Default
--name <name>	Token name (required)	—
--scopes <scopes>	Comma-separated scopes: read, write, admin	read,write
--org <slug>	Organization slug	—

Terminal

skillreg token create --name "ci-deploy" --scopes read,write --org acme

✓ Token created successfully!

  Name:   ci-deploy
  Scopes: read, write
  Token:  sr_live_a1b2c3d4e5f6g7h8i9j0...

  ⚠ Copy this token now — it will not be shown again.

Save the token immediately

The full token value is displayed only once at creation time. Store it in a secure location (e.g. your CI/CD secrets manager). If you lose it, you'll need to revoke the token and create a new one.

List Tokens

skillreg token list

List all API tokens for an organization.

Flag	Description	Default
--org <slug>	Organization slug	—

Terminal

skillreg token list --org acme

NAME          PREFIX         SCOPES        LAST USED
ci-deploy     sr_live_a1b2   read, write   2 hours ago
bot-readonly  sr_live_f3g4   read          3 days ago
admin-key     sr_live_x9y0   admin         never

Revoke a Token

skillreg token revoke<id>

Permanently revoke an API token. This action cannot be undone.

Flag	Description	Default
--org <slug>	Organization slug	—

Terminal

skillreg token revoke clx7f2k3a --org acme

✓ Token "ci-deploy" has been revoked.

Finding the token ID

Get the token ID from skillreg token list. The ID is a unique identifier, distinct from the token name or prefix.

Token Scopes

Each scope includes the permissions of the scopes below it. For example, write implicitly includes read.

read — Pull skills, search the registry, list skills, and view skill info.
write — Push skills to the registry. Includes all read permissions.
admin — Manage tokens, organization settings, and members. Includes all write permissions.

Least privilege

Follow the principle of least privilege. CI/CD pipelines that only pull skills should use read-only tokens. Reserve admin tokens for automation that manages org settings.

Token Formats

SkillReg tokens use a prefix convention to identify their type at a glance:

sr_live_* — Production tokens. Used for all standard API access.
sr_test_* — Test tokens. Used in development and testing environments.
sk_* — Legacy format. Still supported for backward compatibility but new tokens always use the sr_ prefix.

Tokens are encoded in base64url and are safe to use in HTTP headers, environment variables, and configuration files.