> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fjall.io/llms.txt
> Use this file to discover all available pages before exploring further.

# fjall token

> Issue and manage personal and agent API tokens for AI agents, scripts, and automation that act on your behalf without an interactive login.

<Info>
  **Setting up a CI/CD pipeline?** Use a CI deploy token instead: a
  least-privilege `fjall_dk_` token built for pipelines, minted in the web app
  under **Settings → CI/CD Tokens** (minting is session-only, so the CLI
  cannot create one). See [CI/CD Integration](/deployment/ci-cd).
</Info>

## Overview

Agent tokens (`fjall_ak_`) are scoped API credentials for AI agents, scripts,
and automation acting as you. Create one per consumer, scope it to what that
consumer needs, and revoke it independently when it's done. Consumers
authenticate by setting the token as the `FJALL_API_KEY` environment variable
instead of running an interactive `fjall login`.

For pipelines, prefer a **CI deploy token** (`fjall_dk_`, minted in the web
app under **Settings → CI/CD Tokens**): it carries a fixed least-privilege
scope set and a hard 90-day expiry cap, and doubles as the pipeline's AWS
credential.

<Note>
  `fjall token` is the canonical home for these commands. The old
  `fjall user token` alias was removed in fjall 2.24.
</Note>

## Subcommands

### Create a token

```bash theme={null}
fjall token create --name docs-agent --scope read,write --expires 30d
```

| Option                 | Description                                                  |
| ---------------------- | ------------------------------------------------------------ |
| `--name <name>`        | Token name (default: `cli-token`)                            |
| `--scope <scopes>`     | Comma-separated scopes (default: `*` — all non-admin scopes) |
| `--app <app>`          | Restrict the token to an application ID                      |
| `--environment <env>`  | Restrict the token to an environment name                    |
| `--expires <duration>` | Expiry duration, for example `90d`, `24h`, `30m`             |
| `--tag <tag>`          | Source tag for auditing                                      |

The token value is shown once at creation — store it in your secret store
immediately.

### List tokens

```bash theme={null}
fjall token list
```

Shows each token's name, prefix, and status. Use `fjall token show <id>` for the full detail, or `--agent` for structured output including scopes and expiry.

### Show a token

```bash theme={null}
fjall token show <id>
```

Full detail for one token: scopes, expiry, usage count, last-used time, and
revocation state.

### Revoke a token

```bash theme={null}
fjall token revoke <id> --reason "agent decommissioned"
```

| Option              | Description           |
| ------------------- | --------------------- |
| `--reason <reason>` | Reason for revocation |

## Using a token

```bash theme={null}
export FJALL_API_KEY=<token>
fjall apps --non-interactive
```

## Next steps

<CardGroup cols={2}>
  <Card title="Agent Mode" icon="robot" href="/cli/agent-mode">
    Run Fjall from AI agents with structured output.
  </Card>

  <Card title="CI/CD Integration" icon="gears" href="/deployment/ci-cd">
    Deploy from pipelines with a least-privilege CI deploy token.
  </Card>
</CardGroup>
