Skip to main content

Documentation Index

Fetch the complete documentation index at: https://slatehq.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

Slate uses Bearer tokens to authenticate API requests. Each token is scoped to a single workspace and inherits the permissions of the workspace admin who created it.

Create an API token

Only workspace admins can create API tokens.
  1. Open the Slate dashboard and go to Settings > API Tokens.
  2. Enter a name for the token.
  3. Choose an expiration period: 7 days, 30 days, 90 days, or No expiration.
  4. Click Create Token.
  5. Copy the token immediately.
The full token is shown only once. Store it in a secure location before closing the dialog. You cannot retrieve the token after this step.
The token starts with the slat_ prefix (for example, slat_K3x9m2...). The token list shows a preview for identification, but the full value is never displayed again.

Authenticate requests

Include the token in the Authorization header of every API request: 
Authorization: Bearer slat_<your-token>

curl -s "https://api.slatehq.ai/workflow-service/api/public/v1/workflow-runs/run_x7k9m2p4" \
  -H "Authorization: Bearer slat_YOUR_TOKEN"

Token scope

Each token is tied to a specific workspace. The API enforces this scope:
  • Requests succeed only for resources within the token’s workspace.
  • If a request includes an X-Workspace-Id header, the header value must match the token’s workspace. A mismatch returns a 403 error.

Manage tokens

View active tokens

Go to Settings > API Tokens to see all active tokens for your workspace. Each entry shows:
  • Token name
  • Token preview (first 12 characters + last 4 characters)
  • Created date and creator
  • Expiration date
  • Last used date

Revoke a token

  1. Go to Settings > API Tokens.
  2. Click the revoke button next to the token.
  3. Confirm the action.
Revocation takes effect immediately. Any system using the revoked token receives a 401 error on the next request.

Authentication errors

StatusErrorCause
401unauthorizedNo Authorization header, missing Bearer prefix, or token does not start with slat_.
401unauthorizedToken not found, has been revoked, or has expired.
401unauthorizedToken validation returned an invalid workspace.
401unauthorizedX-Workspace-Id header does not match the token’s workspace.
401unauthorizedX-Organization-Id header does not match the token’s organization.
403forbiddenThe requested endpoint is not available for API token access.

Security best practices

  • Use short-lived tokens (7 or 30 days) for automated pipelines and rotate them regularly.
  • Give each integration its own token with a descriptive name. This makes it easy to revoke access for a single system without affecting others.
  • Never hard-code tokens in source code. Use environment variables or a secrets manager.
  • Revoke tokens you no longer need. Check the “Last used” date to identify unused tokens.

What’s next