Dashboard Get started

Run one TokenID organization for the company, then carve it into workspaces for platform-ai, mobile, marketing, or prod / staging. Each workspace gets isolated API keys and provider connections, but spend, events, and violations roll up into the same finance view at the top.

Why use workspaces

Pattern Why it helps
Per team Charge AI spend to a cost centre. Cap the marketing team at $2k/mo without affecting platform.
Per project Track the cost of a single feature (a RAG re-ranker, a summariser) without bleeding into the rest of the product.
Per environment Keep prod, staging, and dev provider keys isolated. Hard-cap dev so a runaway script can't burn the prod budget.

Workspace data is fully attributed at the org level — finance still sees one consolidated dashboard, broken down by workspace.

Create a workspace

curl -X POST https://token.audit.id/api/v1/workspaces/ \
  -H "Authorization: Bearer td_live_xxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "platform-ai",
    "billing_email": "finance@acme.com"
  }'

Response (201 Created):

{
  "id": "ws_01abc…",
  "organization_id": "org_01xyz…",
  "owner_id": "usr_01def…",
  "name": "platform-ai",
  "billing_email": "finance@acme.com",
  "created_at": "2026-05-21T08:00:00Z"
}

The caller becomes owner_id for the workspace. billing_email is optional and used for workspace-scoped invoice routing.

List workspaces

curl https://token.audit.id/api/v1/workspaces/ \
  -H "Authorization: Bearer td_live_xxxx"

Returns every active workspace in the org as a flat array.

Workspace API keys

Each workspace mints its own scoped API keys (tid_ws_…). Calls made with a workspace key are tagged to that workspace automatically — no team_id plumbing needed in your code.

The full key is returned **once**, on creation. Store it in your secrets manager immediately; only the prefix is retrievable afterwards.
curl -X POST https://token.audit.id/api/v1/workspaces/ws_01abc…/api-keys \
  -H "Authorization: Bearer td_live_xxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "label": "platform-ai prod",
    "permissions": ["ingest", "read"]
  }'

Response:

{
  "id": "key_01ghi…",
  "workspace_id": "ws_01abc…",
  "label": "platform-ai prod",
  "key_prefix": "tid_ws_abc1234",
  "permissions": ["ingest", "read"],
  "is_active": true,
  "created_at": "2026-05-21T08:00:00Z",
  "last_used_at": null,
  "key": "tid_ws_abc1234XYZ…full_key_shown_once"
}

Creating workspace API keys requires the admin role or above. See Access control.

Workspace provider connections

Connect each workspace to its own upstream provider account (Anthropic, OpenAI). Credentials are encrypted at rest and never echoed back.

curl -X POST https://token.audit.id/api/v1/workspaces/ws_01abc…/providers \
  -H "Authorization: Bearer td_live_xxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "provider_type": "anthropic",
    "credentials_type": "api_token",
    "credentials": {"api_token": "sk-ant-…"}
  }'

A provider can only be connected once per workspace — re-posting returns 409 Conflict. Status starts at pending_verification and flips to verified after the first successful upstream call.

Cross-references