Tokay documentation
Everything Tokay does, explained. Start with the promise and your first deploy, then go deeper as your app grows.
Start here
- What is Tokay. The promise, the four service types, and what your account includes.
- Your first deploy. Paste code, get a live service. Start here with code in hand.
- Deploy from Git. Push to a Tokay hosted repo.
- Deploy from GitHub. Connect a GitHub repo and keep working there.
- Deploy with an AI agent. Hand the whole job to an agent, and why that's safe here.
- Which service type is my code? Web app, scheduled job, webhook, or worker.
- Supported languages and stacks. What Tokay detects and runs.
How Tokay works
- How Tokay is organized. Workspaces, projects, services, and code, and what shares what.
- How Tokay sets up your app. What's detected, what you review, and what stays predictable.
- Permissions. Who can reach what, and what each credential can do.
- Your server. The dedicated VM everything runs on.
Your services
- Web apps. URLs, HTTPS, zero downtime updates.
- Scheduled jobs. Plain language schedules, run history, failure alerts.
- Webhooks. Your URL, request logs, testing and replay.
- Background workers. Kept alive, restarted, swapped cleanly.
Working with your app
- Secrets and environment variables. Encrypted storage, runtime delivery, never in code or logs.
- Databases. Created when needed, queryable in the browser, exportable always.
- Database migrations. Rehearsed on a copy before production, snapshots, confirmation for destructive changes.
- Deploys, updates, and rollback. The pipeline, zero downtime cutover, one click restore.
- Files and persistent storage. What survives a deploy and how to keep uploads safe.
- Service files. Browse, download, upload, and rescue files without SSH.
- One-off tasks. Run a maintenance command in your app's own environment.
- Editing your code. Browser editing, git, and the one way door between them.
- Logs and debugging. Live logs, plain English errors, Copy for AI.
- Projects and organization. Grouping, dashboards, deploy all, auto-deploy.
- Pause and resume. Stop a service without losing anything.
- Deleting and restoring. The 30-day trash.
Access and domains
- Who can open your app. Public by default, coworkers by magic link, and the access log.
- Public endpoints. Keep an app private while one path stays public.
- Machine tokens. Let scripts and CI call your protected apps.
- Custom domains. Your apps on your domain.
Account
- Workspaces and members. Teams, roles, invitations.
- SSH keys and git tokens. Credentials for pushing code.
- Security. The isolation model and everything else the security reviewer asks.
For AI agents
- For AI agents. Credentials, the deploy loop, and what's stable to rely on. Written for the agent.
- Files and one-off tasks for agents. SAVED vs CURRENT scopes, file tickets, live file rescue, and runServiceTask. Written for the agent.
- Operating and recovering services for agents. Logs, failure diagnosis, runs and test events, pause, rollback, and the trash. Written for the agent.
- Managed databases for agents. The query envelope, exports, credential rotation, and snapshots. Written for the agent.
- Releases and migration safety for agents. Rehearsal evidence, confirming parked releases, and the safety dial. Written for the agent.
- App access control for agents. Private projects, visitors, public endpoints, and machine tokens. Written for the agent.
- Identity and permissions for agents. Scoped bot identities, grant actions, and reading denials. Written for the agent.
When something's wrong
- Troubleshooting. Symptom first fixes.
Can't find it? Email hello@tokay.io.