API Tokens - 3Bids

1 Dashboard

2 Token List

3 Create Token

4 Token Detail

5 Webhooks

API Dashboard Planned

Active tokens, total calls, rate limit usage, recent activity

9:41

API Dashboard

Active Tokens

12.4K

API Calls (30d)

99.7%

Success Rate

62%

Rate Limit

Rate Limit Usage

6,200 / 10,000 requests / hr 62%

Resets in 24m Tier: Pro

Recent Activity

prod-integration — GET /api/jobs 200

2s ago

prod-integration — POST /api/bids 201

8s ago

staging-test — GET /api/users 403

1m ago

zapier-hook — POST /api/webhooks 200

3m ago

mobile-app — GET /api/schedule 429

5m ago

Pro Tip:Use separate tokens for each integration. If one gets compromised, revoke it without disrupting other services.

Token List Planned

Token cards with masked keys, status, usage counts, Create FAB

9:41

API Tokens

All (5)

Active (4)

Expired (1)

prod-integration

3b_live_**** a7f2

Created Mar 1, 2026 • 8,412 calls

Active

staging-test

3b_test_**** c3e9

Created Feb 14, 2026 • 2,156 calls

Active

zapier-hook

3b_live_**** 9b1d

Created Jan 20, 2026 • 1,204 calls

Active

mobile-app

3b_live_**** e4c8

Created Dec 5, 2025 • 587 calls

Active

old-crm-sync

3b_live_**** 1fa0

Created Sep 12, 2025 • 34,890 calls

Expired

Create Token Planned

Name, permissions, expiration, IP whitelist, generate button

9:41

Create Token

Token Name

Permissions

Read

GET endpoints — jobs, bids, profiles, schedules

Write

POST/PUT/PATCH — create bids, update jobs, messages

Admin

DELETE, user management, billing, token management

Webhooks

Configure webhook endpoints and event subscriptions

Expiration

IP Whitelist (optional)

Security Notice:Admin tokens can delete data and manage billing. Only grant admin permissions when absolutely necessary.

Token Detail Planned

Full token info, usage chart, permissions, revoke action

9:41

prod-integration

Token Info

Token

3b_live_**** **** **** a7f2

Created

March 1, 2026 at 10:24 AM

Expires

May 30, 2026 65 days

Last Used

2 seconds ago — GET /api/jobs

Usage (30 days)

Mar 1Mar 8Mar 15Mar 22

8,412 total calls

Permissions

Read

Write

Admin

Webhooks

Webhook Config Planned

URL input, event checkboxes, delivery log, test button

9:41

Webhooks

Webhook URL

Event Types

job.created

job.updated

bid.received

payment.completed

contract.signed

message.received

Delivery Log

job.created

Mar 26, 10:42 AM

200

bid.received

Mar 26, 10:38 AM

200

job.updated

Mar 26, 10:15 AM

500

message.received

Mar 26, 9:58 AM

200

job.created

Mar 26, 9:30 AM

408

Retry Policy:Failed deliveries are retried 3 times with exponential backoff (1m, 5m, 30m). After 3 failures, the webhook is paused and you’ll receive an email alert.

1 Dashboard & Tokens

2 Create & Permissions

3 Token Detail & Usage

4 Webhooks & Logs

Dashboard & Tokens Planned

9:41

API Tokens

Tokens

12.4K

Calls

Search tokens...

prod-integration

**** a7f2

Active

staging-test

**** c3e9

Active

zapier-hook

**** 9b1d

Active

mobile-app

**** e4c8

Active

old-crm-sync

**** 1fa0

Expired

99.7%

Success Rate

62%

Rate Limit

6,200 / 10,000 req/hr62%

Recent Activity

prod-integration — GET /api/jobs 200

staging-test — GET /api/users 403

zapier-hook — POST /api/webhooks 200

Create & Permissions Planned

9:41

Create API Token

Token Details

Token Name

Expiration

IP Whitelist

Description (optional)

Permissions

Read

GET endpoints — jobs, bids, profiles, schedules

Write

POST/PUT/PATCH — create bids, update jobs, messages

Admin

DELETE, user management, billing, token management

Webhooks

Configure webhook endpoints and event subscriptions

Security Notice:Admin tokens can delete data and manage billing. Only grant admin when absolutely necessary.

Token Detail & Usage Planned

9:41

prod-integration

Token Info

Token

3b_live_**** a7f2

Created

Mar 1, 2026

Expires

May 30, 2026

Last Used

2s ago

Permissions

Read

Write

Admin

Usage (30 days)

8,412 total calls

8,387

Successful

Failed

Webhooks & Logs Planned

9:41

Webhooks

Configuration

Webhook URL

Event Types

job.created

job.updated

bid.received

payment.completed

message.received

Delivery Log

job.created

Mar 26, 10:42 AM • 142ms

200

bid.received

Mar 26, 10:38 AM • 98ms

200

job.updated

Mar 26, 10:15 AM • 2,340ms

500

message.received

Mar 26, 9:58 AM • 87ms

200

job.created

Mar 26, 9:30 AM • timeout

408

API Dashboard Planned

https://app.3bids.io/contractor/api

API Dashboard

5 Active Tokens · 12.4K Calls (30d)

Active Tokens

12,449

Total API Calls

99.7%

Success Rate

62%

Rate Limit Used

Active Tokens

5 tokens

NameTokenCreatedCallsStatus

prod-integration 3b_live_****a7f2 Mar 1 8,412 Active

staging-test 3b_test_****c3e9 Feb 14 2,156 Active

zapier-hook 3b_live_****9b1d Jan 20 1,204 Active

mobile-app 3b_live_****e4c8 Dec 5 587 Active

old-crm-sync 3b_live_****1fa0 Sep 12 34,890 Expired

Token Management Planned

https://app.3bids.io/contractor/api/tokens

Token Management

New Token

Token Name

Expiration

IP Whitelist

Permissions

Read

GET endpoints — jobs, bids, profiles, schedules

Write

POST/PUT/PATCH — create bids, update jobs, messages

Admin

DELETE, user management, billing, token management

Webhooks

Configure webhook endpoints and event subscriptions

Security Notice:Admin tokens can delete data and manage billing. Rotate tokens every 90 days. Never expose tokens in client-side code or version control.

Webhook Center Planned

https://app.3bids.io/contractor/api/webhooks

Webhook Center

Configuration

Endpoint URL

Secret Key

Event Subscriptions

job.created

job.updated

bid.received

payment.completed

contract.signed

message.received

Delivery Log

Last 24 hours

EventTimestampDurationStatusResponse

job.created Mar 26, 10:42 AM 142ms 200 OK

bid.received Mar 26, 10:38 AM 98ms 200 OK

job.updated Mar 26, 10:15 AM 2,340ms 500 Internal Error

message.received Mar 26, 9:58 AM 87ms 200 OK

job.created Mar 26, 9:30 AM timeout 408 Timeout

Usage & Docs Planned

https://app.3bids.io/contractor/api/usage

Usage & Docs

Pro Tier · 10,000 req/hr

Rate Limits

Requests / hour6,200 / 10,000

Requests / day42,800 / 100,000

Webhook deliveries / day156 / 1,000

Rate Limit Headers:Every response includes X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers. Use these to implement client-side throttling.

Quick Start

cURL

curl -X GET https://api.3bids.io/v1/jobs \
  -H "Authorization: Bearer 3b_live_..." \
  -H "Content-Type: application/json"

JavaScript

const res = await fetch(
  "https://api.3bids.io/v1/jobs",
  { headers: { Authorization: "Bearer 3b_live_..." } }
);
const jobs = await res.json();

Python

import requests
r = requests.get(
    "https://api.3bids.io/v1/jobs",
    headers={"Authorization": "Bearer 3b_live_..."}
)
jobs = r.json()

Data Architecture

Schema tables, queries, mutations, and status flows that power the API Token system.

Source Files

api-tokens/index.tsx

Token List — dashboard stats, search, token cards, FAB

screen

api-tokens/[id].tsx

Token Detail — usage chart, permissions, revoke action

screen

api-tokens/create.tsx

Create Token Form — name, permissions, expiration, IP whitelist

screen

api-tokens/webhooks.tsx

Webhook Config — URL, events, delivery log, test webhook

screen

Convex Queries

listApiTokens

Filter by status (active, expired, revoked). Returns all tokens with usage counts.

query

getApiToken

Single token with masked key, permissions, usage stats, last used timestamp.

query

getTokenUsage

Daily/hourly usage aggregation for chart display. Includes success/fail breakdown.

query

listWebhookDeliveries

Paginated delivery log with status codes, duration, retry count.

query

getRateLimitStatus

Current usage vs. limits (hourly, daily). Reset timestamps per tier.

query

Convex Mutations

createApiToken

Name, permissions, expiration, IP whitelist. Returns full token string (shown once).

mutation

revokeApiToken

Soft revoke by tokenId. Immediately invalidates. Preserves usage history.

mutation

updateWebhookConfig

URL, secret, event subscriptions. Validates URL reachability before saving.

mutation

testWebhook

Sends test payload to configured URL. Returns status code and response body.

mutation

Token Lifecycle

created → active → expiring_soon → expired

Manual: revoked

Key Design Decisions

Contractor Palette

Terracotta accent throughout. IconCircle variants B/D/F for categories, semantic H/J/K/L for statuses

Rate Limit Visibility

Warning-colored progress bar with percentage. Proactive alerts before hitting limits

Token Masking

Only last 4 characters shown. Full token displayed once at creation, never stored in plaintext

Revocation Pattern

Soft revoke preserves usage history. Error-colored danger button with confirmation. Immediate invalidation

Webhook Delivery Log

HTTP status badges (200/408/500) with response time. Retry policy: 3 attempts with exponential backoff

Permission Scoping

Four levels: Read, Write, Admin, Webhooks. Checkbox pattern with descriptions. Admin requires explicit opt-in