Label Studio · Capability
API Reference — subpackage_tokens
API Reference — subpackage_tokens. 5 operations. Lead operation: List API tokens. Self-contained Naftiko capability covering one Label Studio business surface.
What You Can Do
GET
List
— List API tokens
/v1/api/token
POST
Create
— Create API token
/v1/api/token
POST
Blacklist
— Blacklist a JWT refresh token
/v1/api/token/blacklist
POST
Refresh
— Refresh JWT token
/v1/api/token/refresh
POST
Rotate
— Rotate JWT refresh token
/v1/api/token/rotate
MCP Tools
list-api-tokens
List API tokens
read-only
idempotent
create-api-token
Create API token
blacklist-jwt-refresh-token
Blacklist a JWT refresh token
read-only
refresh-jwt-token
Refresh JWT token
rotate-jwt-refresh-token
Rotate JWT refresh token
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: API Reference — subpackage_tokens
description: 'API Reference — subpackage_tokens. 5 operations. Lead operation: List API tokens. Self-contained Naftiko capability
covering one Label Studio business surface.'
tags:
- Label Studio
- subpackage_tokens
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
LABEL_STUDIO_API_KEY: LABEL_STUDIO_API_KEY
capability:
consumes:
- type: http
namespace: label-studio-subpackage-tokens
baseUri: http://localhost:8000
description: API Reference — subpackage_tokens business capability. Self-contained, no shared references.
resources:
- name: api-token
path: /api/token/
operations:
- name: list
method: GET
description: List API tokens
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: ordering
in: query
type: string
description: Which field to use when ordering the results.
- name: Authorization
in: header
type: string
description: 'The token (or API key) must be passed as a request header. You can find your user token on the User
Account page in Label Studio. Example: <br><pre><code class='
required: true
- name: create
method: POST
description: Create API token
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: Authorization
in: header
type: string
description: 'The token (or API key) must be passed as a request header. You can find your user token on the User
Account page in Label Studio. Example: <br><pre><code class='
required: true
- name: api-token-blacklist
path: /api/token/blacklist/
operations:
- name: blacklist
method: POST
description: Blacklist a JWT refresh token
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: body
in: body
type: object
description: Request body (JSON).
required: false
- name: api-token-refresh
path: /api/token/refresh/
operations:
- name: refresh
method: POST
description: Refresh JWT token
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: body
in: body
type: object
description: Request body (JSON).
required: false
- name: api-token-rotate
path: /api/token/rotate/
operations:
- name: rotate
method: POST
description: Rotate JWT refresh token
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: Authorization
in: header
type: string
description: 'The token (or API key) must be passed as a request header. You can find your user token on the User
Account page in Label Studio. Example: <br><pre><code class='
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: false
authentication:
type: apikey
key: Authorization
value: '{{env.LABEL_STUDIO_API_KEY}}'
placement: header
exposes:
- type: rest
namespace: label-studio-subpackage-tokens-rest
port: 8080
description: REST adapter for API Reference — subpackage_tokens. One Spectral-compliant resource per consumed operation,
prefixed with /v1.
resources:
- path: /v1/api/token
name: api-token
description: REST surface for api-token.
operations:
- method: GET
name: list
description: List API tokens
call: label-studio-subpackage-tokens.list
with:
ordering: rest.ordering
Authorization: rest.Authorization
outputParameters:
- type: object
mapping: $.
- method: POST
name: create
description: Create API token
call: label-studio-subpackage-tokens.create
with:
Authorization: rest.Authorization
outputParameters:
- type: object
mapping: $.
- path: /v1/api/token/blacklist
name: api-token-blacklist
description: REST surface for api-token-blacklist.
operations:
- method: POST
name: blacklist
description: Blacklist a JWT refresh token
call: label-studio-subpackage-tokens.blacklist
with:
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/api/token/refresh
name: api-token-refresh
description: REST surface for api-token-refresh.
operations:
- method: POST
name: refresh
description: Refresh JWT token
call: label-studio-subpackage-tokens.refresh
with:
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/api/token/rotate
name: api-token-rotate
description: REST surface for api-token-rotate.
operations:
- method: POST
name: rotate
description: Rotate JWT refresh token
call: label-studio-subpackage-tokens.rotate
with:
Authorization: rest.Authorization
body: rest.body
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: label-studio-subpackage-tokens-mcp
port: 9090
transport: http
description: MCP adapter for API Reference — subpackage_tokens. One tool per consumed operation, routed inline through
this capability's consumes block.
tools:
- name: list-api-tokens
description: List API tokens
hints:
readOnly: true
destructive: false
idempotent: true
call: label-studio-subpackage-tokens.list
with:
ordering: tools.ordering
Authorization: tools.Authorization
outputParameters:
- type: object
mapping: $.
- name: create-api-token
description: Create API token
hints:
readOnly: false
destructive: false
idempotent: false
call: label-studio-subpackage-tokens.create
with:
Authorization: tools.Authorization
outputParameters:
- type: object
mapping: $.
- name: blacklist-jwt-refresh-token
description: Blacklist a JWT refresh token
hints:
readOnly: true
destructive: false
idempotent: false
call: label-studio-subpackage-tokens.blacklist
with:
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: refresh-jwt-token
description: Refresh JWT token
hints:
readOnly: false
destructive: false
idempotent: false
call: label-studio-subpackage-tokens.refresh
with:
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: rotate-jwt-refresh-token
description: Rotate JWT refresh token
hints:
readOnly: false
destructive: false
idempotent: false
call: label-studio-subpackage-tokens.rotate
with:
Authorization: tools.Authorization
body: tools.body
outputParameters:
- type: object
mapping: $.