Mint a capability

curl --request POST \
  --url https://api.abloatai.com/v1/capabilities \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "can": [
    "<string>"
  ],
  "syncGroups": [
    "<string>"
  ],
  "ttlSeconds": 123
}
'

{
  "object": "<string>",
  "id": "<string>",
  "token": "<string>",
  "can": [
    "<string>"
  ],
  "syncGroups": [
    "<string>"
  ],
  "expiresAt": 123
}

POST

capabilities

Mint a capability

curl --request POST \
  --url https://api.abloatai.com/v1/capabilities \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "can": [
    "<string>"
  ],
  "syncGroups": [
    "<string>"
  ],
  "ttlSeconds": 123
}
'

{
  "object": "<string>",
  "id": "<string>",
  "token": "<string>",
  "can": [
    "<string>"
  ],
  "syncGroups": [
    "<string>"
  ],
  "expiresAt": 123
}

Authorizations

Authorization

string

header

required

API key (sk_live_…) or a scoped capability/ephemeral token. The same header carries both — the server discriminates by token shape.

Body

application/json

can

string[]

Allowed model aliases.

syncGroups

string[]

ttlSeconds

integer

Response

The minted capability (token shown once).

object

string

Allowed value: "capability"

string

token

string | null

Shown once at creation.

can

string[]

syncGroups

string[]

expiresAt

integer

List capabilities

Retrieve a capability