Skip to main content

Tokencraft REST API

The Tokencraft API is a RESTful API that provides programmatic access to your design tokens. Use it to integrate Tokencraft into your build process, CI/CD pipeline, or any application.

Base URL

Session-authenticated dashboard endpoints are available under https://app.tokencraft.dev/api (for example workspace collaboration and organization environments). This page focuses on the API-token surface under /api/v1.

Authentication

All API requests require authentication using Bearer tokens in the Authorization header:
See Authentication for details on creating and managing API tokens.

API v1 Access Model

API v1 access is scoped by token + workspace access context:
  • read:tokens is required for read endpoints.
  • write:tokens is required for create/update/delete endpoints.
  • export:tokens is required for export endpoints.
Write authorization is evaluated on the target workspace:
  • If the workspace belongs to an organisation on Business:
    • read: owner, admin, editor, viewer
    • write: owner, admin, editor (viewer seats are read-only)
    • viewer write attempts return 403
  • If the workspace is a solo workspace (FREE or PRO owner):
    • read/write remain owner-only
  • If the workspace owner plan does not include API write access (for example FREE), write endpoints return 403 even with write:tokens scope.
For security, inaccessible resources return 404 on workspace-scoped routes.

Request Format

The API accepts and returns JSON. Always include the Content-Type header for POST/PATCH requests:

Response Format

Success Response

Error Response

Status Codes

Rate Limiting

  • Limit: 100 requests per minute per API token
  • Headers: Rate limit information is included in response headers
See Rate Limits for details.

Endpoints Overview

Workspaces

  • GET /workspaces - List all workspaces
  • POST /workspaces - Create a workspace
  • GET /workspaces/{id} - Get a workspace
  • PATCH /workspaces/{id} - Update a workspace
  • DELETE /workspaces/{id} - Delete a workspace
  • GET /workspaces/{id}/tokensets - List tokensets in a workspace

Tokensets

  • GET /tokensets/{id} - Get a tokenset
  • PATCH /tokensets/{id} - Update a tokenset
  • DELETE /tokensets/{id} - Delete a tokenset
  • GET /tokensets/{id}/modes - List modes
  • POST /tokensets/{id}/modes - Create a mode
  • GET /tokensets/{id}/modes/{modeId} - Get a mode
  • PATCH /tokensets/{id}/modes/{modeId} - Update a mode
  • DELETE /tokensets/{id}/modes/{modeId} - Delete a mode
  • GET /tokensets/{id}/tokens - Get all tokens (across all modes)

Tokens

  • GET /tokensets/{id}/modes/{modeId}/tokens - List tokens in a mode
  • POST /tokensets/{id}/modes/{modeId}/tokens - Create a token
  • GET /tokensets/{id}/modes/{modeId}/tokens/{tokenId} - Get a token by ID
  • PATCH /tokensets/{id}/modes/{modeId}/tokens/{tokenId} - Update a token
  • DELETE /tokensets/{id}/modes/{modeId}/tokens/{tokenId} - Delete a token

Export

  • GET /tokensets/{id}/export - Export all modes
  • GET /tokensets/{id}/modes/{modeId}/export - Export a specific mode
  • GET /api/subscription/downgrade-status - Get downgrade overage/enforcement status
  • POST /api/workspaces - Create workspace from dashboard session
  • GET /api/workspaces/{workspaceId}/members - List workspace members
  • POST /api/workspaces/{workspaceId}/members - Add/update member immediately (no pending invitation email)
  • POST /api/workspaces/invitations/accept - Deprecated, returns 410 Gone
  • GET /api/workspaces/invitations/verify - Deprecated, returns 410 Gone
  • DELETE /api/workspaces/invitations/{id} - Deprecated, returns 410 Gone

Organizations & Environments (Business Session API)

  • GET /api/organizations/{orgId}/environments - List organization environments
  • POST /api/organizations/{orgId}/environments - Create environment
  • DELETE /api/organizations/{orgId}/environments/{environmentId} - Delete non-production environment
  • GET /api/organizations/{orgId}/environments/{environmentId}/releases - List releases
  • POST /api/organizations/{orgId}/environments/{environmentId}/releases - Publish release
  • POST /api/organizations/{orgId}/environments/{environmentId}/merge - Merge a source environment into Production
  • GET /api/organizations/{orgId}/environments/{environmentId}/export - Export active environment release

Quick Start

1. Get Your Workspaces

2. Get Tokensets

3. Export Tokens

SDKs and Libraries

JavaScript/TypeScript

Python

Best Practices

1. Use Environment Variables

Never hard-code tokens:

2. Handle Errors

Always check response status:

3. Respect Rate Limits

Implement exponential backoff for 429 responses:

4. Cache Responses

Design tokens don’t change frequently:

Next Steps

Authentication

Learn about API authentication

Workspaces

Manage workspaces

Export

Export tokens in multiple formats

Errors

Handle errors properly