FleetWP Docs
Developers

Authentication

Issue API tokens, choose scopes, and authenticate requests with a Bearer token.

Issue a token

In the dashboard, go to Agents & API and create a token. Choose its scope:

  • read — list and read sites, backups, and activity.
  • write — everything read can do, plus actions that change state (create backups, apply updates, generate login URLs).

The plaintext token is shown once, at creation time. FleetWP stores only a SHA-256 hash and a short prefix, so it can never show you the token again — copy it somewhere safe. You can revoke a token at any time from the same page.

Authenticate a request

Send the token as a Bearer credential in the Authorization header:

GET /api/v1/sites HTTP/1.1
Host: app.fleetwp.io
Authorization: Bearer fwp_your_token_here
curl -s https://app.fleetwp.io/api/v1/sites \
  -H "Authorization: Bearer $FLEETWP_TOKEN"

Scopes and errors

  • A missing or malformed token returns 401.
  • A write request made with a read-only token is rejected.

The CLI and MCP server read the token from the FLEETWP_TOKEN environment variable, so you never pass it on the command line.

On this page