Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.spote.cloud/llms.txt

Use this file to discover all available pages before exploring further.

Personal Access Tokens (PATs) give external tools like AI agents or scripts access to your Spote account without using your password. Each token acts as a long-lived credential that you can create, label, and revoke independently.

When you need a PAT

  • Connecting an AI agent — tools like Claude Desktop or Cursor connect to Spote via the MCP server and require a token to authenticate.
  • Calling the REST API from a script — if you’re building an integration or automation that calls /api/notes or other endpoints, use a PAT to authenticate your requests.

Creating a token

1

Open Settings

Click the gear icon in the top bar to open Settings.
2

Click New token

Click the New token button to open the token creation form.
3

Give the token a label

Enter a descriptive label so you can identify the token later, for example Claude Desktop or My Script.
4

Generate the token

Click Generate. Spote creates the token and displays it on screen.
5

Copy the token immediately

Copy the token now. It starts with spote_ and is shown only once. Spote stores only a hash of the token — the raw value cannot be retrieved after you close this screen.
Your token is shown only once. Store it somewhere safe — you cannot retrieve it later. If you lose it, delete the token and generate a new one.

Using a token

Pass the token as a Bearer token in the Authorization header of your API requests: 
curl https://your-spote-app.com/api/notes \
  -H "Authorization: Bearer spote_YOUR_TOKEN_HERE"
All Spote REST API endpoints that require authentication accept this header.

Revoking a token

Go to Settings and find the token you want to remove. Click the delete icon next to it. The token is invalidated immediately — any requests using that token will receive a 401 Unauthorized response.

Security tips

  • Create a separate token for each tool — one for Claude Desktop, one for your scripts, and so on. This way you can revoke a single token without affecting your other integrations.
  • Revoke tokens you no longer use.
  • Never share tokens with others or commit them to version control.