All API requests carry an Authorization header:
Authorization: Bearer <token>
- Open Settings → Personal → API tokens.
- Click New token.
- Copy the token. It’s shown once — store it somewhere safe.
The token’s permissions match your role in the org. A member-role user’s token can trigger builds; an admin-role token can also edit integrations.
Identifying yourself
curl https://api.buildpixel.io/auth/me \
-H "Authorization: Bearer $TOKEN"
{
"user": { "id": "...", "email": "...", "name": "..." },
"organization": {
"id": "...",
"name": "MyStudio",
"slug": "mystudio",
"plan": "pro"
},
"membership": { "role": "admin" }
}
Revoking a token
If a token is compromised:
- Open Settings → Personal → API tokens.
- Click Revoke next to the token.
The token returns 401 on the next request.
Token storage
Never commit tokens to git. Store them in your CI’s secret manager (secrets.BUILDPIXEL_TOKEN in GitHub Actions, ${{ env.BUILDPIXEL_TOKEN }} in GitLab) or a local credentials file outside your repo.
