Production Board

Authentication

Two ways to authenticate against Production Board.

Every request to Production Board authenticates with a Bearer token in the Authorization header. Two token types are accepted: short-lived session tokens (issued by /auth/login or /auth/magic/verify) and long-lived personal access tokens (PATs, prefixed pat_).

Tokens

Session tokens (JWT)

Issued by the login endpoints. Carry a sliding expiration; an actively used session never expires. Use these for browser sessions and short-lived scripts.

Personal access tokens (PATs)

Create one via the Integrations menu in the app. The raw secret (pat_…) is shown exactly once on creation. Each token carries its own scope set, expires at the configured time, and can be revoked anytime. Use these for CI, scripts, and third-party tools.

Example

curl -H "Authorization: Bearer pat_…" \
     https://deploysition.cloud/xapi2/data/board