API Tokens | ibee | Documentation

API tokens give you programmatic access to IBEE Cloud services. A token can be scoped to Object Storage, Billing, or both. Tokens with Object Storage access include S3 credentials for use with AWS CLI, rclone, and any S3-compatible tool.

Before you begin

An active IBEE Cloud project (Create a project)
A verified account (Verify your account)

Create a token

Go to API Tokens

In the IBEE Cloud portal, click API Tokens in the left sidebar under Tools.

This opens portal.ibee.ai/a/{project_id}/api-tokens.

Open the create dialog

Click + Create Token.

Enter token details

Field	Required	Description
Name	Yes	Identifies the token in the dashboard
Description	No	e.g., Used for production deployments
Expires In (days)	No	Between 1–365 days. Default: 90

Set permissions

Select at least one permission scope. Expand each to configure sub-permissions.

Object Storage

When Object Storage is checked, select a storage permission level:

Permission	What it allows
Admin Read & Write	Create, list, delete buckets; edit bucket configuration; read, write, and list objects
Admin Read only	List buckets; view configuration; read and list objects
Object Read & Write	Read, write, and list objects in specific buckets
Object Read only	Read and list objects in specific buckets

Then choose which buckets the token applies to:

Apply to all buckets in this account (including newly created buckets)
Apply to specific buckets only

Selecting Object Storage generates S3 credentials alongside the Bearer Token. The Token will include preview at the bottom of the modal confirms:

Bearer Token (for REST API)
Access Key ID (for S3 API)
Secret Access Key (for S3 API)

Billing

When Billing is checked, select a billing permission level:

Permission	What it allows
Read only	View invoices, orders, and account balance

Create the token

Click Create Token.

Save your credentials

The S3 Credentials Created panel shows your credentials immediately after creation:

Credential	Format	Use
Bearer Token	`ibee_v4_...`	`Authorization` header for the IBEE REST API
Access Key ID	`AKIA...`	S3 credential for AWS CLI, rclone, and S3-compatible tools
Secret Access Key	—	S3 credential — shown once only
S3 Endpoint	`https://{project_id}.blob.ibeestorage.com`	S3-compatible endpoint URL

Save these credentials now. The Secret Access Key won’t be shown again. Copy all values before closing this screen. If you lose the Secret Access Key, revoke the token and create a new one.

Manage tokens

Tokens appear in the API Tokens list with the following columns:

Column	Description
NAME	Token name
PRODUCTS	Permissions granted (e.g. Object Storage, Billing)
CREATED	Creation date
EXPIRES	Expiry date
STATUS	Active / Expired
ACTIONS	Revoke

Revoke a token

Click Revoke in the Actions column. Revoked tokens lose access immediately and cannot be restored — create a new token if access is needed again.

Troubleshooting

Create Token button is disabled At least one permission scope (Object Storage or Billing) must be selected.

Secret Access Key not saved The Secret Access Key is only shown once. Revoke the token and create a new one.

S3 authentication failing Verify you are using:

The correct S3 Endpoint: https://{project_id}.blob.ibeestorage.com
The Access Key ID and Secret Access Key from the same token creation

Token expired Tokens expire after the number of days set at creation (default 90, max 365). Revoke the old token and create a new one with a longer expiry if needed.