Tokens¶

Tinybird uses tokens to authenticate CLI and API requests. Tokens protect access to your resources. Any operation to manage your resources using the CLI or REST API requires a valid token with the necessary permissions.

There are two types of tokens:

Static tokens: Use them to perform operations on your account, like importing data, creating data sources, or publishing APIs using the CLI or REST API. Use them to read data as well, just be mindful of their permanent nature.
JSON Web tokens: Use them to read from published endpoints that expose your data to an application, when you want to implement filtering per user via fixed parameters (RBAC) or to apply rate limiting for different end users of Tinybird endpoints.

Where tokens are stored and used¶

How you store and pass tokens depends on the environment:

Tinybird CLI: tb login stores your CLI credentials in the local .tinyb file.
SDK projects: the TypeScript and Python SDK CLIs read TINYBIRD_TOKEN and TINYBIRD_URL from .env.local during local development.
CI/CD: store TINYBIRD_TOKEN and TINYBIRD_URL as secret environment variables in your CI provider.
API calls: pass the token in the Authorization header.

SDK projects commonly use a .env.local file during development:

.env.local

TINYBIRD_TOKEN=p.your_token_here
TINYBIRD_URL=https://api.tinybird.co

In CI/CD, set the same values as protected secrets and use them when deploying:

CI/CD deploy

export TINYBIRD_TOKEN="$TINYBIRD_TOKEN"
export TINYBIRD_URL="$TINYBIRD_URL"
tb deploy

For direct API calls, pass the token as a bearer token:

API request with a token

curl \
  -H "Authorization: Bearer <token>" \
  "https://api.tinybird.co/v0/pipes/<endpoint>.json"

Quickstarts

Development Workflow

Core Concepts

Ingest data

Query data

Copy and export data

Monitor Tinybird

Pricing

Guides

Reference