Authentication
How to authenticate with the LaraCopilot Agent API using bearer tokens
Authentication
The LaraCopilot Agent API uses bearer token authentication. Include your API token in the Authorization header of every request.
Bearer token
Every request to the Agent API must include this header:
Authorization: Bearer YOUR_API_TOKENExample request:
curl -X POST https://builder.laracopilot.com/api/v1/agent/generate \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
-H "Accept: text/event-stream" \
-d '{"prompt": "Build a task management app"}'Managing API tokens
API tokens are created and managed from the Settings → API Tokens page in your LaraCopilot dashboard.
Only team owners can create and manage API tokens. Tokens are scoped to the team — requests made with a token consume that team's credits.
Generate a token
- Log in to your LaraCopilot account as the team owner.
- Go to Settings → API Tokens in the sidebar (or navigate to
/settings/api-tokens). - Enter a descriptive name for the token (e.g. "Production", "CI Pipeline").
- Select an expiration period.
- Click Generate Token.
- Copy the token from the modal — it will only be shown once.
Store your API token securely. Treat it like a password — do not commit it to version control or share it publicly. If a token is compromised, revoke it immediately.
Revoke a token
Go to Settings → API Tokens and click Revoke Token next to the token you want to remove. Revocation is immediate — any client using that token will receive a 401 response on its next request.
Token expiration
| Option | Behavior |
|---|---|
| 30 days | Token expires 30 days after creation |
| 60 days | Token expires 60 days after creation |
| 90 days | Token expires 90 days after creation |
| No expiration | Token remains valid until manually revoked |
Authentication errors
| Status | Response body | Cause |
|---|---|---|
401 | {"status": false, "message": "Unauthorized."} | Token missing or invalid |
401 | {"status": false, "message": "API token has expired."} | Token past its expiration date |
403 | {"status": false, "message": "This team is currently suspended."} | Team account suspended |
Example error response:
{
"status": false,
"message": "API token has expired."
}Continue to the public endpoints page for interactive request examples and playground access.
Introduction
Overview of the LaraCopilot Agent API — generate Laravel applications programmatically
Create project
Generates a new Laravel project from a natural-language prompt and streams progress back as Server-Sent Events. Save the `project_id` returned in the first event — it is required for follow-up prompts and status polling.