Skip to main content
Claude Scope uses JWT Bearer tokens to authenticate API requests. Every call to the API — except public auth endpoints — must include a valid token in the Authorization header. Tokens are issued when you sign in through the web app and are stored locally in your browser. You read the token once, then include it in every request you make from your own code.
Your API token grants full access to your Claude Scope account, including all sessions, recordings, and settings. Treat it like a password: never commit it to source control, never share it publicly, and store it in an environment variable or secrets manager when using it in scripts.

Obtaining a token

Tokens are not issued via a dedicated API key endpoint. Instead, they are created when you sign in through the Claude Scope web app.
  1. Sign in at https://app.claudescope.ai/auth.
  2. After a successful sign-in, open your browser’s developer tools and navigate to Application → Local Storage.
  3. Find the stored authentication entry. Copy the access token string — it starts with eyJ.
  4. That token is your Bearer token for API requests.

Passing the token

Include the token in the Authorization header of every request: 
Authorization: Bearer <your-access-token>

Example: curl

curl https://api.claudescope.ai/api/sessions \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9..."

Example: JavaScript fetch

const response = await fetch('https://api.claudescope.ai/api/sessions', {
  headers: {
    Authorization: 'Bearer eyJhbGciOiJSUzI1NiJ9...',
  },
});
const sessions = await response.json();

Token expiry

Tokens expire when your session ends. The Claude Scope web app does not currently support programmatic token refresh. If your token expires, sign back in through the web app to obtain a new one.

Error responses

When a request is made with a missing, expired, or invalid token, the API returns 401 Unauthorized: 
{ "statusCode": 401, "message": "Unauthorized" }
The Claude Scope web app automatically clears your stored credentials and redirects you to /auth when it receives a 401. If you are calling the API directly from a script and receive this status code, re-authenticate through the web app and update your token.