Viewer Tokens API
Generate short-lived JWTs for the embeddable log viewer. Viewer tokens are the only credential safe to expose in client-side code and are scoped to a single tenant.
Create Viewer Token#
POST
/api/v1/viewer-tokensGenerate a viewer token for a specific tenant. The token is a signed JWT with a vt_ prefix that encodes the tenant ID and expiration.
Auth: Project key
Request body
| Name | Type | Required | Description |
|---|---|---|---|
| tenant_id | string | Required | The tenant ID this token grants read access to. All queries made with this token are force-filtered to this tenant. |
| tier | string | Optional | Visibility tier name. Must be a tier that exists for the project. Controls which events and fields the viewer can see. |
| expires_in | number | Optional | Token lifetime in seconds. Min: 60, max: 86400, default: 3600 (1 hour). |
Create a viewer token
curl -X POST https://logstitch.io/api/v1/viewer-tokens \
-H "Authorization: Bearer pk_..." \
-H "Content-Type: application/json" \
-d '{
"tenant_id": "acme_corp",
"expires_in": 3600
}'201Success
Response
{
"token": "vt_eyJhbGciOiJIUzI1NiIs...",
"expires_at": "2026-01-15T10:30:00.000Z",
"request_id": "req_abc123"
}Using Viewer Tokens#
Viewer tokens are designed for two use cases: powering the @logstitch/viewer React component and making direct API calls from the browser.
Pass the token to the embeddable log viewer component:
React component
import { LogViewer } from '@logstitch/viewer';
function AuditLogPage({ viewerToken }: { viewerToken: string }) {
return (
<LogViewer
token={viewerToken}
theme="dark"
/>
);
}Or use the token directly in the Authorization header to query the GET /events endpoint:
Direct API call
curl "https://logstitch.io/api/v1/events?limit=25" \
-H "Authorization: Bearer vt_eyJhbGci..."Viewer token restrictions
Viewer tokens force tenant_id filtering. They can only be used to read events via GET /events -- they cannot ingest events, manage keys, or modify redaction rules.