Skip to main content

Documentation Index

Fetch the complete documentation index at: https://doc.hitopen.com/llms.txt

Use this file to discover all available pages before exploring further.

API tokens (starting with sk-) are the credentials your applications use to call the AI Model API. Use these endpoints to create, inspect, update, and delete tokens programmatically.
All token management endpoints require User permission. Authenticate with a system access token from Personal Settings → Security Settings → System Access Tokens — not an sk- key. Pass it as Authorization: Bearer {access-token} in every request.

Endpoints

MethodPathDescription
GET/api/token/List all tokens
POST/api/token/Create a token
GET/api/token/{id}Get a single token
PUT/api/token/Update a token
DELETE/api/token/{id}Delete a token

List all tokens

GET /api/token/
Returns a paginated list of all API tokens belonging to the authenticated user.

Query parameters

p
integer
Page number (1-indexed). Defaults to 1.
page_size
integer
Number of tokens to return per page. Defaults to 10.

Example

curl -X GET "https://YOUR_NEWAPI_BASE_URL/api/token/?p=1&page_size=20" \
  -H "Authorization: Bearer your-access-token"

Create a token

POST /api/token/
Creates a new API token with the specified settings.

Request body

name
string
required
A human-readable name for the token. Used to identify it in the console.
remain_quota
integer
The quota (in units) to allocate to this token. Ignored if unlimited_quota is true.
expired_time
integer
Unix timestamp (seconds) when the token expires. Set to -1 for no expiry.
unlimited_quota
boolean
When true, the token has no quota limit. Defaults to false.
model_limits_enabled
boolean
When true, the token is restricted to the models listed in models. Defaults to false.
models
string[]
List of model identifiers the token is allowed to use. Only effective when model_limits_enabled is true.

Example

curl -X POST "https://YOUR_NEWAPI_BASE_URL/api/token/" \
  -H "Authorization: Bearer your-access-token" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "production-app",
    "remain_quota": 500000,
    "expired_time": -1,
    "unlimited_quota": false,
    "model_limits_enabled": true,
    "models": ["gpt-4o", "gpt-4o-mini"]
  }'

Get a single token

GET /api/token/{id}
Returns the details of a specific token by its numeric ID.

Path parameters

id
integer
required
The numeric ID of the token to retrieve.

Example

curl -X GET "https://YOUR_NEWAPI_BASE_URL/api/token/42" \
  -H "Authorization: Bearer your-access-token"

Update a token

PUT /api/token/
Updates an existing token. Send the full token object including the id field and any fields you want to change. The request body accepts the same fields as create a token, plus:
id
integer
required
The numeric ID of the token to update.
name
string
Updated display name for the token.
remain_quota
integer
Updated quota allocation. Ignored if unlimited_quota is true.
expired_time
integer
Updated expiry timestamp (Unix seconds). Set to -1 for no expiry.
unlimited_quota
boolean
When true, removes the quota limit.
model_limits_enabled
boolean
Enables or disables model restrictions for this token.
models
string[]
Updated list of permitted models. Only effective when model_limits_enabled is true.

Example

curl -X PUT "https://YOUR_NEWAPI_BASE_URL/api/token/" \
  -H "Authorization: Bearer your-access-token" \
  -H "Content-Type: application/json" \
  -d '{
    "id": 42,
    "name": "production-app-v2",
    "unlimited_quota": true
  }'

Delete a token

DELETE /api/token/{id}
Permanently deletes the specified token. Any application using this token will immediately lose access.

Path parameters

id
integer
required
The numeric ID of the token to delete.

Example

curl -X DELETE "https://YOUR_NEWAPI_BASE_URL/api/token/42" \
  -H "Authorization: Bearer your-access-token"
Deleting a token is irreversible. Make sure no active applications depend on the token before deleting it.