emit.run

Tokens

Managing API keys

Tokens

API keys authenticate programmatic access to the emit.run API. Each key is scoped to a single space.

Creating a Token

  1. Open a space in the dashboard
  2. Go to Tokens
  3. Click Create Token
  4. Enter a name and select scopes (or use the Worker preset)
  5. Copy the key immediately — it's shown only once

Choosing Scopes

Pick scopes based on what the token is for:

Use caseRecommended scopes
Producer — app that submits jobsjobs:create
Worker — service that processes jobsWorker preset (jobs:read, jobs:poll, jobs:ack, jobs:progress, jobs:event, jobs:complete, jobs:fail, jobs:keepalive, jobs:read:progress)
Monitor — dashboard or alertingjobs:read
Producer + monitorjobs:create, jobs:read
Third-party client — live job updates onlyjobs:read:progress
Minimal worker — no progress/eventsjobs:poll, jobs:ack, jobs:complete, jobs:fail

The Worker preset in the token creation dialog selects all the scopes a typical worker needs.

You can also use the shorthand jobs:worker scope which expands to the full worker set during authorization.

All Available Scopes

ScopeAllows
jobs:createCreate new jobs in the space
jobs:readList jobs, get job details and events
jobs:pollClaim pending jobs from the dispatch queue
jobs:ackAcknowledge receipt of a polled job
jobs:progressSend in-progress updates
jobs:eventPublish checkpoint events
jobs:completeMark jobs as completed
jobs:failMark jobs as failed
jobs:keepaliveExtend a running job's timeout
jobs:read:progressSubscribe to single-job WebSocket streams (no space-wide feed)
jobs:workerShorthand — expands to all worker scopes above
jobs:writeShorthand — expands to mutation scopes (ack, progress, event, complete, fail, keepalive)

Security Best Practices

  • Store keys in environment variables or a secrets manager — never commit them to source control
  • Use separate keys for producers and workers — if a producer key is compromised, your workers keep running
  • Use the minimum scopes needed — a producer doesn't need jobs:poll, a monitor doesn't need jobs:complete
  • Rotate keys periodically — create a new key, update your services, then delete the old one
  • Delete unused keys — every active key is an attack surface

On this page