Skip to main content
Prints the bot and user tokens for a clone’s default app — the same tokens spin shows once at create time. Tokens are stored locally in ~/.asymmetric/registry.json (mode 0600) so you can retrieve them any time without re-spinning; the clone’s database only ever stores hashes. Use these as bearer tokens against the clone’s REST API. See Apps and tokens and Connect your agent.

Arguments

Options

Examples

Print the tokens:
Capture one for a script:

Rotation and recovery

--reprovision mints a fresh pair and revokes the old ones. Use it to:
  • rotate a token you’d rather not keep using, or
  • recover when the tokens weren’t captured at spin time (a rare provisioning hiccup) — re-provisioning always returns a working pair, so a clone can never get stuck without usable tokens.
Rotation is destructive to the old tokens — anything still using them (a running agent, a saved script) will start getting 401s. Update those consumers after rotating.

Notes

  • status / ls --json redact these tokens; tokens and spin are the only commands that print them in the clear.
  • Tokens carry OAuth scopes, and the Slack clone enforces them on both its REST API and its MCP surface — a request whose token lacks the required scope is rejected, matching real Slack. The bot and user tokens minted at provision time carry the app’s full default scope set.