API Tokens
API tokens are per-project bearer tokens for programmatic access to Tindra. Use them to authenticate CI pipelines, scripts, the MCP server, or any custom integration.
They are separate from DSNs (Client Keys). A DSN sends error and performance data in via the Sentry SDK protocol. An API token reads data out and, if write access is enabled, modifies it.
Creating a token
Go to Settings > API Tokens for a project and click New Token.
| Field | Description |
|---|---|
| Name | A label so you remember what this token is used for |
| Allow write access | Off by default. Enable to allow mutations (update issues, create alerts) |
The token value is shown once at creation. Copy it and store it somewhere safe. Tindra does not show it again.
Read vs write access
Tokens are read-only by default. A read-only token can query issues, transactions, monitors, releases, logs, and alerts, but cannot modify anything.
Check Allow write access to enable mutations. A writable token can:
- Resolve, ignore, or re-open issues
- Bulk update issue statuses
- Create alert rules
- Use the MCP server's write tools (
update_issue,bulk_update_issues,create_alert_rule)
Keep writable tokens out of client-side code. If a writable token is compromised, revoke it immediately.
Using a token
Pass the token as a Bearer header on any API request:
Authorization: Bearer tindra_your_token_here
All requests are scoped to the project the token belongs to. A token cannot access data from another project.
MCP server
API tokens are the recommended way to authenticate the MCP server. See MCP Server for setup instructions.
Revoking a token
Go to Settings > API Tokens, find the token, and click Revoke. Revoked tokens are rejected immediately with a 401.
If a token is compromised, revoke it first, then create a replacement.