Create a cluster token

Use this to create additional SATs for an existing cluster (e.g., for zero-downtime token rotation). The initial SAT is created automatically by CreateCluster.

Scope: cluster:write

Authorization

bearerAuth

AuthorizationBearer <token>

Personal Access Token (PAT) or Service Access Token (SAT). Pass the token in the Authorization header: Bearer adm_pat_...

In: header

Path Parameters

cluster_id*cluster_id

The cluster to bind this token to (UUID).

Formatuuid

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

cluster_id?cluster_id

The cluster to bind this token to (UUID).

Formatuuid

name?name

URL-safe, human-readable identifier for the token (e.g., "prod-agent-key"). Must be unique within the cluster's tokens. Lowercase alphanumeric and hyphens only.

Match^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$

Length1 <= length <= 63

expires_at?expires_at

Optional expiration time. If unset, the token does not expire.

Formatdate-time

Response Body

`application/json`

curl -X POST "https://admiral.example.com/api/v1/clusters/497f6eca-6276-4993-bfeb-53cbbbba6f08/tokens" \  -H "Content-Type: application/json" \  -d '{}'

{  "access_token": {    "id": "9f8e7d6c-5b4a-3210-fedc-ba0987654321",    "name": "ci-deploy-key",    "token_type": "TOKEN_TYPE_PAT",    "scopes": [      "deploy:write",      "app:read",      "env:read"    ],    "status": "ACCESS_TOKEN_STATUS_ACTIVE",    "binding_type": "BINDING_TYPE_USER",    "binding_id": "d290f1ee-6c54-4b01-90e6-d701748f0851",    "created_by": "d290f1ee-6c54-4b01-90e6-d701748f0851",    "expires_at": "2026-06-01T00:00:00Z",    "last_used_at": "2025-11-20T14:30:00Z",    "created_at": "2025-09-01T10:00:00Z"  },  "plain_text_token": "string"}