Token Management

info

The English user guide is currently in beta preview. Most of the documents have been automatically translated from the Japanese version. Should you find any inaccuracies, please reach out to Flatt Security.

These endpoints apply to email-verified tokens. All requests that require authentication use Authorization: Bearer <your-api-key>.

Check Token Status

curl -H "Authorization: Bearer tg_anon_xxxxxx" \
  https://npm.flatt.tech/api/v1/tokens/status

Returns usage statistics including when the token was last used.

Rotate Your Token

If you have your current key — use the regenerate endpoint for an immediate rotation:

curl -X POST \
  -H "Authorization: Bearer tg_anon_xxxxxx" \
  https://npm.flatt.tech/api/v1/tokens/regenerate

The response contains your new key. The old key is invalidated immediately. Update your .npmrc with the new key.

If you lost your key — re-register with the same email address:

curl -X POST https://npm.flatt.tech/api/v1/tokens \
  -H "Content-Type: application/json" \
  -d '{"email": "you@example.com", "language": "en"}'

Because your email is already verified, Takumi Guard sends a key rotation email instead of a verification email. Click the link to receive your new key. The old key is invalidated at that point.

info

Re-registering with your email is also useful if you suspect your key has been compromised.

Revoke Your Token

curl -X DELETE \
  -H "Authorization: Bearer tg_anon_xxxxxx" \
  https://npm.flatt.tech/api/v1/tokens

The token is deactivated immediately.

warning

After revocation, npm install commands using the revoked token will fail with a 401 error. Update your .npmrc before revoking if you need to switch to a new token.