# Rotate public API token

> Rotates the Public API token for a partner-managed workspace. A new token is generated, persisted according to the platform’s security rules, and the previous token is invalidated immediately. Each successful rotation returns the new raw token value and the rotated_at timestamp. Subsequent calls rotate the token again; the operation is not idempotent. Workspace ownership and billing eligibility checks apply. Partners are expected to update their integrations to use the newly issued token as soon as it is returned.



## OpenAPI

````yaml post /workspaces/{workspace_id}/api-token
openapi: 3.0.3
info:
  title: Partner API
  version: 1.0.1
  description: >-
    Partner-facing HTTP API used by approved integrators to provision and manage
    TimelinesAI workspaces, users and WhatsApp connections on behalf of their
    customers. All endpoints are versioned under /partner/api/v1 and secured
    with JWT bearer authentication. Obtaining a workspace Public API token,
    together with the capabilities of the Public API such as webhook
    subscriptions, enables partners to build complex integrations for their
    customers.
servers:
  - url: /partner/api/v1
    description: Partner API root URL
security:
  - bearerAuth: []
tags:
  - name: workspaces
  - name: users
  - name: whatsappAccounts
  - name: qr
  - name: publicAPI
paths:
  /workspaces/{workspace_id}/api-token:
    post:
      tags:
        - publicAPI
      summary: Rotate public API token
      description: >-
        Rotates the Public API token for a partner-managed workspace. A new
        token is generated, persisted according to the platform’s security
        rules, and the previous token is invalidated immediately. Each
        successful rotation returns the new raw token value and the rotated_at
        timestamp. Subsequent calls rotate the token again; the operation is not
        idempotent. Workspace ownership and billing eligibility checks apply.
        Partners are expected to update their integrations to use the newly
        issued token as soon as it is returned.
      operationId: rotatePublicAPIToken
      parameters:
        - $ref: '#/components/parameters/X-TL-Partner-Id'
        - name: workspace_id
          in: path
          required: true
          description: The unique identifier for the workspace.
          schema:
            type: string
      responses:
        '201':
          description: Token rotated
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PartnerAPIPublicTokenResponse'
components:
  parameters:
    X-TL-Partner-Id:
      name: X-TL-Partner-Id
      in: header
      description: The unique identifier for the partner.
      required: true
      schema:
        type: string
  schemas:
    PartnerAPIPublicTokenResponse:
      type: object
      properties:
        workspace_id:
          type: string
          description: Unique identifier for the workspace
        token:
          type: string
          description: Raw Public API token value
        rotated_at:
          type: string
          description: Timestamp when the token was rotated and the previous token became invalid.
          format: date-time
          example: '2024-01-01T12:00:00Z'
      required:
        - workspace_id
        - token
      description: >-
        Response payload for retrieving or rotating a workspace Public API
        token. Returns the workspace_id and the raw token value, and, for
        rotation calls, the rotated_at timestamp that indicates when the
        previous token became invalid.
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        JWT bearer authentication. The token payload must include partner_id,
        nbf (not-before) and exp (expiry) claims. All Partner API requests must
        be authenticated with Authorization: Bearer <token>.

````
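Because the previous token is invalidated immediately and the call is not idempotent, a client has to rotate exactly once and persist the new token before doing anything else. The sketch below is an added example, not TimelinesAI's own code; the host in `BASE_URL`, the function names, the `send` hook and the on-disk JSON file are assumptions, and the partner JWT is expected to be minted elsewhere.

```python
import json
import os
import tempfile
import urllib.request
from urllib.parse import quote

# Placeholder host (assumption); the page gives only the /partner/api/v1 root path.
BASE_URL = "https://partner-api.example.invalid/partner/api/v1"

def build_rotate_request(workspace_id, partner_id, partner_jwt):
    """POST /workspaces/{workspace_id}/api-token with both required credentials."""
    url = f"{BASE_URL}/workspaces/{quote(workspace_id, safe='')}/api-token"
    headers = {
        "Authorization": f"Bearer {partner_jwt}",  # JWT with partner_id, nbf, exp claims
        "X-TL-Partner-Id": partner_id,
        "Accept": "application/json",
    }
    return urllib.request.Request(url, headers=headers, method="POST")

def store_token(path, record):
    """Write the secret to a 0600 temp file, then atomically swap it into place."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump(record, fh)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

def rotate_and_store(workspace_id, partner_id, partner_jwt, path,
                     send=urllib.request.urlopen):
    """Rotate once, persist the new token, return only non-secret metadata."""
    req = build_rotate_request(workspace_id, partner_id, partner_jwt)
    # One attempt only: the call is not idempotent, so a blind retry after a
    # timeout would invalidate a token that may already have been issued.
    with send(req) as resp:
        status, body = resp.status, json.loads(resp.read())
    if status != 201:
        raise RuntimeError(f"rotation failed with HTTP {status}")
    if body.get("workspace_id") != workspace_id or not body.get("token"):
        raise RuntimeError("response lacks required fields or names another workspace")
    # The previous token is already invalid, so persist before doing anything else.
    store_token(path, {"workspace_id": workspace_id, "token": body["token"],
                       "rotated_at": body.get("rotated_at")})
    # The raw token is deliberately not returned, so it cannot end up in logs.
    return {"workspace_id": workspace_id, "rotated_at": body.get("rotated_at")}
```

If the request times out or the connection drops, the outcome is unknown: check whether the stored token still authenticates before deciding to rotate again.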