Developers
Authentication
Issue API tokens, choose scopes, and authenticate requests with a Bearer token.
Issue a token
In the dashboard, go to Agents & API and create a token. Choose its scope:
- read — list and read sites, backups, and activity.
- write — everything read can do, plus actions that change state (create backups, apply updates, generate login URLs).
The plaintext token is shown once, at creation time. FleetWP stores only a SHA-256 hash and a short prefix, so it can never show you the token again — copy it somewhere safe. You can revoke a token at any time from the same page.
Authenticate a request
Send the token as a Bearer credential in the Authorization header:
GET /api/v1/sites HTTP/1.1
Host: app.fleetwp.io
Authorization: Bearer fwp_your_token_herecurl -s https://app.fleetwp.io/api/v1/sites \
-H "Authorization: Bearer $FLEETWP_TOKEN"Scopes and errors
- A missing or malformed token returns 401.
- A write request made with a read-only token is rejected.
The CLI and MCP server read the token from the FLEETWP_TOKEN environment
variable, so you never pass it on the command line.