app/stories/developer/DEV-001-api-token-management.md
2025-11-30 15:01:28 +00:00

Create and Manage API Tokens

ID: DEV-001
Priority: High
Status: Planned

User Story

As a developer, I want to create and manage API tokens so that I can integrate my applications with the identity provider programmatically.

Acceptance Criteria

  • Developer can create new API tokens with custom names
  • Token is shown once at creation (cannot be retrieved later)
  • Developer can set token expiration (or no expiration)
  • Developer can set token scopes/permissions
  • List all tokens with creation date and last used
  • Revoke individual tokens
  • Revoke all tokens at once
  • Rate limiting information shown per token

Technical Notes

  • ApiTokenManager exists with basic infrastructure
  • loginWithApiToken endpoint available
  • Need UI for token management (currently backend only)
  • Tokens should be hashed before storage (the plaintext is shown only once, at creation)
  • Consider token prefixes for easy identification (idp_...)
  • Partial implementation in ApiTokenManager
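
A sketch of the storage rule in the notes above (hash before storage, show once, idp_ prefix) together with the expiration, scope and revocation criteria. This is an added example, not the project's ApiTokenManager: the TokenStore class, its method names, the token layout idp_<id>_<secret> and the in-memory dict are assumptions. Unsalted SHA-256 is used on the assumption that the secret is 256 bits of random data, not a user-chosen value.

```python
import hashlib
import hmac
import secrets
import time

PREFIX = "idp_"  # prefix suggested in the story; all other names are assumed

class TokenStore:
    """Hypothetical in-memory store: keeps SHA-256 digests, never plaintext."""
    def __init__(self):
        self._rows = {}  # token_id -> record

    def create(self, name, scopes, ttl_seconds=None, now=None):
        now = time.time() if now is None else now
        token_id = secrets.token_hex(8)     # non-secret lookup key, safe to list
        plaintext = f"{PREFIX}{token_id}_{secrets.token_urlsafe(32)}"
        self._rows[token_id] = {
            "name": name, "scopes": frozenset(scopes), "created_at": now,
            "digest": hashlib.sha256(plaintext.encode()).digest(),
            "expires_at": None if ttl_seconds is None else now + ttl_seconds,
            "last_used": None, "revoked": False,
        }
        return token_id, plaintext          # plaintext is returned here and not kept

    def verify(self, presented, scope, now=None):
        now = time.time() if now is None else now
        if not presented.startswith(PREFIX):
            return None
        token_id = presented[len(PREFIX):].partition("_")[0]
        row = self._rows.get(token_id)
        if row is None or row["revoked"]:
            return None
        if row["expires_at"] is not None and now >= row["expires_at"]:
            return None
        digest = hashlib.sha256(presented.encode()).digest()
        if not hmac.compare_digest(digest, row["digest"]):  # constant-time compare
            return None
        if scope not in row["scopes"]:
            return None
        row["last_used"] = now              # feeds the "last used" column
        return token_id

    def revoke(self, token_id):
        self._rows[token_id]["revoked"] = True

    def revoke_all(self):
        for row in self._rows.values():
            row["revoked"] = True
```

Because only the digest is stored, a lost token cannot be recovered from the store; the developer has to revoke it and create a new one.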