Create Group Auth Token

curl -L -X POST 'https://api.turso.tech/v1/organizations/{organizationSlug}/groups/{groupName}/auth/tokens?expiration=2w&authorization=full-access' \
-H 'Authorization: Bearer TOKEN'

{
  "jwt": "TOKEN"
}

POST

organizations

{organizationSlug}

groups

{groupName}

auth

tokens

curl -L -X POST 'https://api.turso.tech/v1/organizations/{organizationSlug}/groups/{groupName}/auth/tokens?expiration=2w&authorization=full-access' \
-H 'Authorization: Bearer TOKEN'

{
  "jwt": "TOKEN"
}

Tokens cannot be retrieved once created, and cannot be revoked individually.

curl -L -X POST 'https://api.turso.tech/v1/organizations/{organizationSlug}/groups/{groupName}/auth/tokens?expiration=2w&authorization=full-access' \
-H 'Authorization: Bearer TOKEN'

{
  "jwt": "TOKEN"
}

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

organizationSlug

string

required

The slug of the organization or user account.

groupName

string

required

The name of the group.

Query Parameters

expiration

string

default:never

Expiration time for the token (e.g., 2w1d30m).

authorization

enum<string>

default:full-access

Authorization level for the token (full-access or read-only).

Available options:

full-access,

read-only

Body

application/json

Additional context such as claims required for the token.

permissions

object

The permissions for the token.

Show child attributes

permissions.read_attach

object

Read ATTACH permission for the token.

Show child attributes

permissions.read_attach.databases

string[]

Response

Successful response

jwt

string

The generated authorization token (JWT).

Unarchive Invalidate Tokens

⌘I

Turso Cloud

SDKs

CLI

API Reference

Create Group Auth Token

Authorizations

Path Parameters

Query Parameters

Body

Response