Authentication

The Shipchart API uses personal access tokens (via Laravel Sanctum) for authentication. Every request must include a valid token.

Creating tokens

Go to Settings → API Tokens in the app. Click Create Token, choose a name, and select the abilities you need.

The token value is only shown once. Copy it immediately after creation. If you lose it, revoke the old token and create a new one.

Making authenticated requests

Include your token in the Authorization header as a Bearer token:

curl -H "Authorization: Bearer YOUR_TOKEN_HERE" \
     -H "Accept: application/json" \
     https://shipchart.app/api/v1/ping

Token abilities

Tokens are scoped with abilities that control what they can access. Select only the abilities you need:

Ability	Grants access to	Methods
`read`	Query all data: projects, revenue, ideas, check-ins, integrations, dashboard	`GET`
`write`	Create and update projects, revenue entries, check-ins, ideas; promote ideas	`POST`, `PUT`
`delete`	Archive projects, delete revenue entries and ideas	`DELETE`
`sync`	Trigger manual syncs for connected integrations	`POST`

For an AI assistant that reads and writes data, select read and write.

Error responses

Missing or invalid tokens return 401 Unauthenticated:

{
  "message": "Unauthenticated."
}

A valid token without the required ability returns 403 Forbidden:

{
  "message": "Invalid ability provided."
}

Revoking tokens

Revoke a token in Settings → API Tokens by clicking the trash icon next to the token. Revoked tokens are immediately invalidated — any applications using them will stop working.

Endpoint Reference

Every endpoint with request/response examples

MCP Server

Connect your AI assistant instead