API Tokens

API Tokens

Long-lived Bearer tokens for programmatic access to the Lastest REST API (/api/v1/*).

---

Use Cases

• MCP Server -- Authenticate @lastest/mcp-server to your Lastest instance
• VS Code Extension -- Connect the IDE extension to your server
• CI/CD Scripts -- Trigger builds and check results from pipelines
• Cross-Instance Migration -- Authenticate when importing/exporting tests between instances (see [Test Migration])
• Custom Integrations -- Any tool that needs to call the Lastest API

---

Creating a Token

1. Go to Settings
2. Find the API Tokens section
3. Click Create Token
4. Enter a label (e.g. "MCP Server", "CI Pipeline", "VS Code")
5. Copy the token immediately -- it's only shown once

Token Format

lastest_api_<64-hex-characters>

---

Using a Token

Include the token in the Authorization header:

curl -H "Authorization: Bearer lastest_api_abc123..." \
  "$LASTEST_URL/api/v1/repos"

The token authenticates against the same API endpoints available to browser sessions. It inherits the permissions of the user who created it.

---

Managing Tokens

• List -- All your tokens are visible in Settings with their label, creation date, and last-used date
• Revoke -- Click the revoke button to immediately invalidate a token
• Tokens cannot be retrieved after creation -- if lost, revoke and create a new one

---

MCP Server Configuration

When setting up the MCP server, use an API token as the key:

{
  "mcpServers": {
    "lastest": {
      "command": "npx",
      "args": ["@lastest/mcp-server"],
      "env": {
        "LASTEST_URL": "http://localhost:3000",
        "LASTEST_API_KEY": "lastest_api_..."
      }
    }
  }
}

See [MCP Server] for full setup instructions.