Skip to main content
Service accounts are non-human identities for programmatic access to the Delphina API — for scripts, scheduled jobs, and integrations that shouldn’t run under a person’s login. Each service account is scoped to specific workspaces and holds one or more API tokens. Organization admins manage service accounts at Org Admin > Service Accounts.
Service accounts are for machine-to-machine access. For your own interactive or personal automation, use a personal API token instead — see User Settings.

When to use a service account

  • The credential should belong to a team or system, not an individual, so it keeps working when people join or leave.
  • You want access scoped to specific workspaces and roles, independent of any person’s permissions.
  • You need several tokens for the same identity (for example, one per environment) that you can rotate independently.

Creating a service account

  1. Go to Org Admin > Service Accounts.
  2. Click + New service account.
  3. Enter a Name. This becomes a permanent identifier of the form name@<org>.svc.delphina.ai. Use lowercase letters, digits, and hyphens (not at the start or end), up to 64 characters.
  4. Optionally add a Description explaining what the account is used for.
  5. Click Create.
The name and identifier are fixed at creation and cannot be changed later. Only the description is editable afterward. A new service account has no token yet — Delphina opens its management dialog so you can create the first one.

Assigning workspace roles

A service account can only act in workspaces you assign to it. In the account’s management dialog, open the Workspace roles tab.
  1. Select a Workspace and a Role, then click Add.
  2. Repeat for each workspace the account needs.
Roles match the user roles: Developer, Explorer, or Viewer. The token acts with the assigned role in each workspace.

Home workspace

The home workspace is the workspace the account defaults to when it authenticates. Set it from the Workspace roles tab once at least one role is assigned. It must be one of the account’s assigned workspaces.

Managing tokens

Open the Tokens tab in the account’s management dialog.

Create a token

  1. Click + Create token.
  2. Optionally give the token a Name to identify where it’s used.
  3. Choose an expiration: No expiration, or 7 / 30 / 90 / 180 / 365 days.
  4. Click Create token.
Delphina shows the full token once, along with a ready-to-paste Authorization: Bearer … header. Copy it now — for security, the token is never shown again. Afterward the list displays only a masked form (prefix + last four characters).

Token list

Each token row shows its name, masked value, created date, last used date, and expiration. Use this to spot unused or soon-to-expire tokens.

Revoke a token

Click the trash icon on a token row and confirm. Revocation takes effect immediately and cannot be undone — any integration using that token stops working. Revoked tokens are hidden by default; toggle Show revoked to see them (kept for the audit trail).

Using a token

Send the token as a bearer credential on your API requests:
The request runs as the service account, scoped to its home workspace and assigned roles. To call the Delphina MCP server with a token, see Delphina MCP Server.

Deleting a service account

Click the trash icon on a service account row (or Delete service account in its management dialog) and confirm. Deleting an account revokes all of its tokens immediately and cannot be undone. Any integration using them stops working.

Security best practices

  • Give each integration its own token so you can revoke one without disrupting the others.
  • Scope service accounts to the fewest workspaces and the lowest role they need.
  • Set an expiration on tokens where practical, and rotate long-lived tokens periodically.
  • Never commit tokens to source control. Store them in a secrets manager or environment variables.
  • Revoke a token as soon as it’s no longer needed or may have been exposed.