> ## Documentation Index
> Fetch the complete documentation index at: https://docs.turso.tech/llms.txt
> Use this file to discover all available pages before exploring further.
# Create Group Auth Token
> Generates an authorization token for the specified group.
Tokens cannot be retrieved once created, and cannot be revoked individually.
```bash cURL theme={null}
curl -L -X POST 'https://api.turso.tech/v1/organizations/{organizationSlug}/groups/{groupName}/auth/tokens?expiration=2w&authorization=full-access' \
-H 'Authorization: Bearer TOKEN'
```
```ts Node.js theme={null}
import { createClient } from "@tursodatabase/api";
const turso = createClient({
org: "...",
token: "",
});
const token = await turso.groups.createToken("default", {
expiration: "2w",
authorization: "full-access",
});
```
```json theme={null}
{
"jwt": "TOKEN"
}
```
## OpenAPI
````yaml POST /v1/organizations/{organizationSlug}/groups/{groupName}/auth/tokens
openapi: 3.0.1
info:
title: Turso Platform API
description: API description here
license:
name: MIT
version: 0.1.0
servers:
- url: https://api.turso.tech
description: Turso's Platform API
security: []
paths:
/v1/organizations/{organizationSlug}/groups/{groupName}/auth/tokens:
post:
summary: Create Group Auth Token
description: Generates an authorization token for the specified group.
operationId: createGroupToken
parameters:
- $ref: '#/components/parameters/organizationSlug'
- $ref: '#/components/parameters/groupName'
- name: expiration
in: query
schema:
type: string
default: never
description: Expiration time for the token (e.g., 2w1d30m).
- name: authorization
in: query
schema:
type: string
default: full-access
enum:
- full-access
- read-only
description: Authorization level for the token (full-access or read-only).
requestBody:
description: Additional context such as claims required for the token.
required: false
content:
application/json:
schema:
$ref: '#/components/schemas/CreateTokenInput'
responses:
'200':
description: Successful response
content:
application/json:
schema:
type: object
properties:
jwt:
type: string
description: The generated authorization token (JWT).
'400':
description: Bad Request
content:
application/json:
schema:
type: object
properties:
error:
type: string
description: The error message
example: Invalid expiration format
'404':
$ref: '#/components/responses/GroupNotFoundResponse'
components:
parameters:
organizationSlug:
in: path
name: organizationSlug
required: true
schema:
type: string
description: The slug of the organization or user account.
groupName:
name: groupName
in: path
required: true
schema:
type: string
description: The name of the group.
schemas:
CreateTokenInput:
type: object
properties:
permissions:
type: object
description: The permissions for the token.
properties:
read_attach:
type: object
description: Read `ATTACH` permission for the token.
properties:
databases:
type: array
items:
type: string
responses:
GroupNotFoundResponse:
description: Group not found
content:
application/json:
schema:
type: object
properties:
error:
type: string
description: The error message
example: group not found
````