Authentication
Create API tokens, authenticate requests and understand scopes.
API tokens
Personal and service tokens are created in the Admin Console under Settings → API Tokens. Tokens carry scopes that limit what they may do, and can be revoked at any time. Treat them like passwords.
curl https://api.aiinak.com/email/v1/messages \
  -H "Authorization: Bearer aii_live_xxxxxxxxxxxxxxxx"
Scopes
| Scope | Grants |
|---|---|
| mail.read / mail.write | Read or send and manage email |
| calendar.read / calendar.write | Read or manage events and bookings |
| drive.read / drive.write | List/download or upload/manage files |
| meetings.manage | Create meetings, fetch transcripts and summaries |
| recruit.manage | Roles, candidates and interview operations |
| erp.query | Run Nexus natural-language and entity queries |
| admin.read / admin.write | Org analytics, users and licenses |
Least privilege
Issue tokens with the narrowest scopes that work. RBAC still applies on top of scopes — a token can never do more than the user or service account that owns it.
Rotating and revoking
1. Create the replacement token
   Generate the new token with identical scopes.
2. Deploy it
   Update your integration's secret storage and roll it out.
3. Revoke the old token
   Revocation is immediate; in-flight requests with the old token fail with 401.
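A client-side way to ride through step 3, as an added example (not Aiinak's own code): on a 401 the integration re-reads its secret storage once and retries only if the stored token actually changed. It assumes secret storage is a file that the deploy step rewrites; the function names and the injectable `send` parameter are hypothetical.

```python
import urllib.error
import urllib.request

API_URL = "https://api.aiinak.com/email/v1/messages"  # endpoint shown on this page


def load_token(path):
    """Read the current token from secret storage (assumed: a file rewritten in step 2)."""
    with open(path, encoding="utf-8") as fh:
        return fh.read().strip()


def http_get(url, token):
    """Send one GET with the Bearer header; return (status, body) instead of raising."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def get_with_rotation(url, token_path, cached_token, send=http_get):
    """GET url; on 401, reload the token once and retry only if it changed.

    Returns (status, body, token_in_use). The token value is never logged.
    """
    status, body = send(url, cached_token)
    if status != 401:
        return status, body, cached_token
    fresh = load_token(token_path)
    if fresh == cached_token:
        # Storage still holds the rejected token: retrying cannot succeed,
        # so surface the 401 to the caller rather than looping.
        return status, body, cached_token
    status, body = send(url, fresh)
    return status, body, fresh
```

The single bounded retry keeps a process that cached the old token working after revocation, while a genuinely invalid token still fails fast with 401.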