Skip to main content
To use Membrane, you need a Membrane Token. This page explains the different types of tokens and how to get them.

Membrane Token

The main way to authenticate. Sign a JWT with your workspace key and secret. You can find your workspace key and secret on the Access page in Console Settings.

Token fields

Public/Private Key Signing

For stronger security, you can sign tokens with a public/private key pair instead of a shared secret. Pass the private key to the sign method and provide the public key in the workspace settings. Use any asymmetric algorithm: ES256, RS256, PS256, etc.

Test Token

For quick testing, get a pre-generated test token from the Access page in Console Settings.

Long-lived Tokens

For tokens that don’t expire, create a Long-lived Token on the Access page in Console Settings under the Client Tokens section.

Workspace Management Token

For administrative operations that affect the entire workspace — managing tenants, updating workspace settings, importing/exporting configuration, and other operations that aren’t scoped to a single tenant. Include isAdmin: true in the token payload and omit tenantKey:

Developer Token

Acts on behalf of your Membrane account — can do anything you can across all your workspaces. Get one from API Tokens in Console Settings.

Membrane Instance Token

For self-hosted Membrane instances. See Self-hosting for details.