Authenticating with API tokens and scopes

Create tokens under PCAdmin > API tokens. The plain token is shown once; only its SHA-256 hash is stored. Send it on every request: Authorization: Bearer . Scopes restrict a token to areas such as accounts.read or domains.read. Every request is recorded with the endpoint, status code, and source IP in the API request log, and per-token rate limits protect the endpoint surface.