Organizations

Organizations are the top-level entity in boring.tools. All projects, SBOMs, agents, and integrations belong to an organization. The organization settings page provides member management, invitation handling, and API key generation.

Members

The Members tab shows all users with access to your organization:

Organization members in light mode

Organization members in dark mode

Each member row displays:

  • Name and email — User identity
  • Role — Admin or Member
  • Joined date — When the user was added
  • Actions — Change role or remove member

Invite members

  1. Go to Settings → Members
  2. Click Invite member
  3. Enter the email address
  4. Click Send invitation

The recipient receives an email with a magic link to accept the invitation. Once accepted, they appear in the members list.

Change member role

Click the role dropdown next to a member and select:

  • Admin — Full access including organization settings
  • Member — Read/write access to projects, SBOMs, and agents

The change takes effect immediately.

Remove a member

Click Remove next to a member and confirm. They will lose access to the organization immediately. This does not delete their user account.

Invitations

The Invitations tab shows pending invitations:

Organization invitations in light mode

Organization invitations in dark mode

Each invitation shows:

  • Email address — Invitee email
  • Invited by — Who sent the invitation
  • Sent date — When the invitation was created
  • Expires — Invitations expire after 7 days

Resend an invitation

Click Resend to send a new invitation email. The expiration date resets to 7 days from now.

Revoke an invitation

Click Revoke to cancel a pending invitation. The recipient will not be able to accept it, even if they already received the email.

API Keys

The API Keys tab manages authentication tokens for CI/CD pipelines and automation:

Organization API keys in light mode

Organization API keys in dark mode

Each API key shows:

  • Name — Descriptive name you assigned
  • Key prefix — First few characters for identification
  • Created — Creation date
  • Expires — Expiration date (optional)
  • Status — Active or Disabled

Create an API key

  1. Go to Settings → API Keys
  2. Click Create API key
  3. Enter a descriptive name (e.g. ci-pipeline, local-dev)
  4. Optionally set an expiration date
  5. Click Create

Copy the key immediately — it is shown only once and cannot be retrieved later.

Use an API key

Include the API key in the Authorization header for all API requests:

curl -H "Authorization: Bearer your-api-key" \
  https://api.boring.tools/v1/projects

See the REST API documentation for endpoint details.

Revoke an API key

Click Revoke next to a key and confirm. The key is immediately disabled and all API requests using it will fail with 401 Unauthorized.

Warning: Revoking an API key cannot be undone. Update any CI/CD pipelines or scripts using the key before revoking.

Organization settings

Additional organization settings (name, billing, etc.) are available in the Settings → General tab. Only admins can modify organization settings.

Last updated: June 4, 2026