Menu

Project Auth Tokens

Project Auth Tokens enable programmatic access to specific BetaHub projects for in-game reporting, launchers, and custom integrations. Unlike Personal Access Tokens which provide full account access, Project Auth Tokens are scoped to a single project with configurable permissions and rate limits.

What Are Project Auth Tokens?

Project Auth Tokens (tkn- prefix) are created by project owners to grant limited API access for specific use cases:

  • In-game bug reporting through Unity, Unreal Engine, and other game engine plugins
  • Game launcher integrations for automated feedback collection
  • Public feedback forms with controlled access
  • Third-party tools that need project-specific access

Key Differences from Personal Access Tokens

Feature Personal Access Token Project Auth Token
Token Prefix pat- tkn-
Created By Individual users Project owners
Scope All user-accessible projects Single project only
Rate Limiting None Configurable IP-based
Authentication Header Bearer pat-... FormUser tkn-...
Typical Use General API, scripts In-game reporting
Permissions Inherit user permissions Project-specific config

Creating Project Auth Tokens

Permission Required: You must be a project owner or have developer permissions to create Project Auth Tokens.

Step 1: Navigate to Project Settings

  1. Go to your project dashboard
  2. Click Settings in the sidebar
  3. Select API Tokens from the settings menu

Step 2: Create a New Token

  1. Click the “New Token” button
  2. Configure the token settings:
    • Token Name (required): Descriptive name (e.g., “Unity Plugin”, “Game Launcher”)
    • Permissions: Select what actions this token can perform
    • Rate Limits: Configure IP-based daily limits

Step 3: Copy and Store Token

CRITICAL: One-Time Display

After creating the token, it will be displayed ONLY ONCE. Copy it immediately and store it securely. If you lose it, you’ll need to delete and create a new token.

Token Permissions

Configure what each token can do:

Bug Reporting:

  • Can Create Bug Report - Allow bug/issue submission
  • Limit Per Day - Daily limit per IP address (default: 8)

Feature Requests:

  • Can Create Feature Request - Allow suggestion submission
  • Limit Per Day - Daily limit per IP address (default: 8)

Support Tickets:

  • Can Create Ticket - Allow support ticket submission
  • Limit Per Day - Daily limit per IP address (default: 8)

Releases:

  • Can Read Release List - Access to release information
  • Can Create Release - Upload new versions (advanced use cases)

Rate Limiting and IP Tracking

Project Auth Tokens use IP-based rate limiting to prevent abuse:

How It Works:

  • Each unique IP address is tracked separately
  • Limits reset daily at midnight UTC
  • Counters are maintained per token per IP per day

Default Limits:

  • Bug reports: 8 per day per IP
  • Feature requests: 8 per day per IP
  • Support tickets: 8 per day per IP

When Limit is Exceeded:

HTTP Status: 403 Forbidden
Response: { "error": "Not allowed to [action]." }

Configuring Limits: Adjust the daily limits when creating or editing a token based on your needs. Higher limits are appropriate for automated systems, while lower limits work well for public forms.

Using Project Auth Tokens

Authentication Format:

curl -H "Authorization: FormUser tkn-YOUR_TOKEN_HERE" \
     -H "BetaHub-Project-ID: pr-YOUR_PROJECT_ID" \
     -H "Content-Type: application/json" \
     https://app.betahub.io/projects/pr-YOUR_PROJECT_ID/issues.json

Creating a Bug Report:

curl -X POST \
  -H "Authorization: FormUser tkn-abc123def456..." \
  -H "BetaHub-Project-ID: pr-abc123" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Player falls through floor in level 3",
    "description": "When jumping near the water fountain...",
    "category": "bug",
    "priority": "high"
  }' \
  https://app.betahub.io/projects/pr-abc123/issues.json

Optional: User Identification with JWT

You can attach a JWT token to identify the submitter:

Authorization: FormUser tkn-YOUR_TOKEN,YOUR_JWT_TOKEN

This associates the submission with a specific user while using the token’s project permissions.

Managing Project Auth Tokens

Viewing Tokens: In Project Settings → API Tokens, you can see:

  • Token name and creation date
  • Configured permissions
  • Rate limit settings
  • Partial token value (first 8 characters)

Editing Tokens:

  • Update token name
  • Modify permissions
  • Adjust rate limits
  • Changes take effect immediately

Deleting Tokens:

  1. Click Delete next to the token
  2. Confirm deletion
  3. Token is immediately revoked
  4. Applications using it will receive 403 errors

Token Deletion: Deletion is immediate and irreversible. Game clients and integrations using the token will immediately lose access.

Common Use Cases

Unity Plugin Integration:

// Configure BetaHub reporter
BugReportUI.projectId = "pr-abc123";
BugReportUI.authToken = "tkn-YOUR_TOKEN_HERE";

Custom Web Form:

// Submit bug from custom form
await fetch('https://app.betahub.io/projects/pr-123/issues.json', {
  method: 'POST',
  headers: {
    'Authorization': 'FormUser tkn-YOUR_TOKEN',
    'BetaHub-Project-ID': 'pr-123',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    title: bugTitle,
    description: bugDescription,
    category: 'bug'
  })
});

Game Launcher: Use Project Auth Tokens to allow players to submit feedback directly from your launcher without web authentication.

Security Best Practices

Token Distribution:

  • ✅ Embed in game builds for in-game reporting
  • ✅ Use in public-facing forms with rate limits
  • ✅ Include in launcher applications
  • ❌ Don’t expose tokens with high rate limits publicly
  • ❌ Don’t share tokens across unrelated projects

Limit Configuration:

  • Set conservative limits for public-facing tokens
  • Use higher limits for trusted internal tools
  • Monitor token usage through project analytics

Regular Maintenance:

  • Review active tokens periodically
  • Delete tokens for discontinued features
  • Rotate tokens for long-running integrations
  • Create separate tokens for different integrations

Finding Your Project ID:

Your project ID is visible in the browser URL when viewing a project:

https://app.betahub.io/projects/pr-abc123
                               └─────┬──────┘
                                 Project ID

Use this ID in API calls wherever you see {project_id} or pr-123 in examples.

See Also

Project Auth Tokens

Project Auth Tokens enable programmatic access to specific BetaHub projects for in-game reporting, launchers, and custom integrations. Unlike Personal Access Tokens which provide full account access, Project Auth Tokens are scoped to a single project with configurable permissions and rate limits.

What Are Project Auth Tokens?

Project Auth Tokens (tkn- prefix) are created by project owners to grant limited API access for specific use cases:

  • In-game bug reporting through Unity, Unreal Engine, and other game engine plugins
  • Game launcher integrations for automated feedback collection
  • Public feedback forms with controlled access
  • Third-party tools that need project-specific access

Key Differences from Personal Access Tokens

Feature Personal Access Token Project Auth Token
Token Prefix pat- tkn-
Created By Individual users Project owners
Scope All user-accessible projects Single project only
Rate Limiting None Configurable IP-based
Authentication Header Bearer pat-... FormUser tkn-...
Typical Use General API, scripts In-game reporting
Permissions Inherit user permissions Project-specific config

Creating Project Auth Tokens

Permission Required: You must be a project owner or have developer permissions to create Project Auth Tokens.

Step 1: Navigate to Project Settings

  1. Go to your project dashboard
  2. Click Settings in the sidebar
  3. Select API Tokens from the settings menu

Step 2: Create a New Token

  1. Click the “New Token” button
  2. Configure the token settings:
    • Token Name (required): Descriptive name (e.g., “Unity Plugin”, “Game Launcher”)
    • Permissions: Select what actions this token can perform
    • Rate Limits: Configure IP-based daily limits

Step 3: Copy and Store Token

CRITICAL: One-Time Display

After creating the token, it will be displayed ONLY ONCE. Copy it immediately and store it securely. If you lose it, you’ll need to delete and create a new token.

Token Permissions

Configure what each token can do:

Bug Reporting:

  • Can Create Bug Report - Allow bug/issue submission
  • Limit Per Day - Daily limit per IP address (default: 8)

Feature Requests:

  • Can Create Feature Request - Allow suggestion submission
  • Limit Per Day - Daily limit per IP address (default: 8)

Support Tickets:

  • Can Create Ticket - Allow support ticket submission
  • Limit Per Day - Daily limit per IP address (default: 8)

Releases:

  • Can Read Release List - Access to release information
  • Can Create Release - Upload new versions (advanced use cases)

Rate Limiting and IP Tracking

Project Auth Tokens use IP-based rate limiting to prevent abuse:

How It Works:

  • Each unique IP address is tracked separately
  • Limits reset daily at midnight UTC
  • Counters are maintained per token per IP per day

Default Limits:

  • Bug reports: 8 per day per IP
  • Feature requests: 8 per day per IP
  • Support tickets: 8 per day per IP

When Limit is Exceeded:

HTTP Status: 403 Forbidden
Response: { "error": "Not allowed to [action]." }

Configuring Limits: Adjust the daily limits when creating or editing a token based on your needs. Higher limits are appropriate for automated systems, while lower limits work well for public forms.

Using Project Auth Tokens

Authentication Format:

curl -H "Authorization: FormUser tkn-YOUR_TOKEN_HERE" \
     -H "BetaHub-Project-ID: pr-YOUR_PROJECT_ID" \
     -H "Content-Type: application/json" \
     https://app.betahub.io/projects/pr-YOUR_PROJECT_ID/issues.json

Creating a Bug Report:

curl -X POST \
  -H "Authorization: FormUser tkn-abc123def456..." \
  -H "BetaHub-Project-ID: pr-abc123" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Player falls through floor in level 3",
    "description": "When jumping near the water fountain...",
    "category": "bug",
    "priority": "high"
  }' \
  https://app.betahub.io/projects/pr-abc123/issues.json

Optional: User Identification with JWT

You can attach a JWT token to identify the submitter:

Authorization: FormUser tkn-YOUR_TOKEN,YOUR_JWT_TOKEN

This associates the submission with a specific user while using the token’s project permissions.

Managing Project Auth Tokens

Viewing Tokens: In Project Settings → API Tokens, you can see:

  • Token name and creation date
  • Configured permissions
  • Rate limit settings
  • Partial token value (first 8 characters)

Editing Tokens:

  • Update token name
  • Modify permissions
  • Adjust rate limits
  • Changes take effect immediately

Deleting Tokens:

  1. Click Delete next to the token
  2. Confirm deletion
  3. Token is immediately revoked
  4. Applications using it will receive 403 errors

Token Deletion: Deletion is immediate and irreversible. Game clients and integrations using the token will immediately lose access.

Common Use Cases

Unity Plugin Integration:

// Configure BetaHub reporter
BugReportUI.projectId = "pr-abc123";
BugReportUI.authToken = "tkn-YOUR_TOKEN_HERE";

Custom Web Form:

// Submit bug from custom form
await fetch('https://app.betahub.io/projects/pr-123/issues.json', {
  method: 'POST',
  headers: {
    'Authorization': 'FormUser tkn-YOUR_TOKEN',
    'BetaHub-Project-ID': 'pr-123',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    title: bugTitle,
    description: bugDescription,
    category: 'bug'
  })
});

Game Launcher: Use Project Auth Tokens to allow players to submit feedback directly from your launcher without web authentication.

Security Best Practices

Token Distribution:

  • ✅ Embed in game builds for in-game reporting
  • ✅ Use in public-facing forms with rate limits
  • ✅ Include in launcher applications
  • ❌ Don’t expose tokens with high rate limits publicly
  • ❌ Don’t share tokens across unrelated projects

Limit Configuration:

  • Set conservative limits for public-facing tokens
  • Use higher limits for trusted internal tools
  • Monitor token usage through project analytics

Regular Maintenance:

  • Review active tokens periodically
  • Delete tokens for discontinued features
  • Rotate tokens for long-running integrations
  • Create separate tokens for different integrations

Finding Your Project ID:

Your project ID is visible in the browser URL when viewing a project:

https://app.betahub.io/projects/pr-abc123
                               └─────┬──────┘
                                 Project ID

Use this ID in API calls wherever you see {project_id} or pr-123 in examples.

See Also

On This Page