Api Tokens
Programmatic credentials — mint, verify (bearer + HMAC), rotate, revoke, webhooks, audit.
ADRI-21 — read the project's verify-audit log (newest first).
auditLog(input?: { tokenKey?: string; limit?: number; }): Promise<{ entries: VerifyAuditEntry[]; }>;create(input: CreateTokenInput): Promise<CreateTokenResult>;list(input?: { env?: TokenEnv; }): Promise<{ tokens: TokenInfo[]; }>;revoke(input: { key: string; }): Promise<{ ok: true; }>;A minted api-token rotates ITSELF: present the token's own full string and get back a fresh successor with the SAME scopes/config; the old token is revoked immediately. Needs NO project credentials.
rotateApiTokenSelf(opts: { baseUrl?: string; token: string }): Promise<RotateSelfResult>verify(input: { token: string; clientIp: string; }): Promise<VerifyTokenResult>;ADRI-65 — HMAC signature verify (the secret never travels). The consumer signs the canonical request `METHOD\nPATH\nTIMESTAMP\nNONCE\nbodyHash` with HMAC-SHA256 (bodyHash = sha256hex(body)); pass the parts + the hex signature here. On a bad signature/replay/stale-timestamp the call rejects with AdrifactClientError (status 401, body `{ ok:false, reason }`) — mirror of `verify`. Tokens minted before ADRI-65 are bearer-only (`not_hmac_capable`).
verifySignature(input: VerifySignatureInput): Promise<VerifySignatureResult>;clear(): Promise<{ ok: true; deleted: boolean; }>;get(): Promise<TokenWebhookGetResult>;Returns the signingSecret ONCE — store it to verify X-Adrifact-Signature.
set(input: { url: string; }): Promise<{ ok: true; signingSecret: string; }>;Embeddable React components for this App. Click one to preview its UI. Previews render the component only — live data calls are disabled here (wire the Provider's basePath to a connector, as the Console does, to make them functional).