Organizations
Organizations are the top-level entity in boring.tools. All projects, SBOMs, agents, and integrations belong to an organization. The organization settings page provides member management, invitation handling, and API key generation.
Members
The Members tab shows all users with access to your organization:


Each member row displays:
- Name and email — User identity
- Role — Admin or Member
- Joined date — When the user was added
- Actions — Change role or remove member
Invite members
- Go to Settings → Members
- Click Invite member
- Enter the email address
- Click Send invitation
The recipient receives an email with a magic link to accept the invitation. Once accepted, they appear in the members list.
Change member role
Click the role dropdown next to a member and select:
- Admin — Full access including organization settings
- Member — Read/write access to projects, SBOMs, and agents
The change takes effect immediately.
Remove a member
Click Remove next to a member and confirm. They will lose access to the organization immediately. This does not delete their user account.
Invitations
The Invitations tab shows pending invitations:


Each invitation shows:
- Email address — Invitee email
- Invited by — Who sent the invitation
- Sent date — When the invitation was created
- Expires — Invitations expire after 7 days
Resend an invitation
Click Resend to send a new invitation email. The expiration date resets to 7 days from now.
Revoke an invitation
Click Revoke to cancel a pending invitation. The recipient will not be able to accept it, even if they already received the email.
API Keys
The API Keys tab manages authentication tokens for CI/CD pipelines and automation:


Each API key shows:
- Name — Descriptive name you assigned
- Key prefix — First few characters for identification
- Created — Creation date
- Expires — Expiration date (optional)
- Status — Active or Disabled
Create an API key
- Go to Settings → API Keys
- Click Create API key
- Enter a descriptive name (e.g.
ci-pipeline,local-dev) - Optionally set an expiration date
- Click Create
Copy the key immediately — it is shown only once and cannot be retrieved later.
Use an API key
Include the API key in the Authorization header for all API requests:
curl -H "Authorization: Bearer your-api-key" \
https://api.boring.tools/v1/projects
See the REST API documentation for endpoint details.
Revoke an API key
Click Revoke next to a key and confirm. The key is immediately disabled and all API requests using it will fail with 401 Unauthorized.
Warning: Revoking an API key cannot be undone. Update any CI/CD pipelines or scripts using the key before revoking.
Organization settings
Additional organization settings (name, billing, etc.) are available in the Settings → General tab. Only admins can modify organization settings.