Skip to main content
POST
/
v1
/
admin
/
token-icons
/
preview
Admin Token Icons
curl --request POST \
  --url https://api.glider.fi/v1/admin/token-icons/preview \
  --header 'X-API-KEY: <api-key>'
These endpoints let internal tools prepare scalable token icon SVGs for the Glider CDN. Retool sends a token symbol and uploaded SVG contents; platform-api validates the SVG, rejects unsafe/oversized assets, normalizes the canvas to viewBox="0 0 24 24", optimizes the SVG, and can upload the result to the configured GCS bucket.

Auth

All routes are protected by a scoped token icon admin token:
  • Authorization: Bearer <RETOOL_TOKEN_ICONS_ADMIN_TOKEN>
  • Content-Type: application/json
ADMIN_AUTH_SECRET_TOKEN is also accepted for internal engineer/admin usage, but Retool should use the scoped token icon token. Uploads are disabled unless TOKEN_ICON_CDN_UPLOADS_ENABLED=true. When enabled, the runtime must also configure TOKEN_ICON_CDN_BUCKET_NAME, TOKEN_ICON_CDN_PROJECT_ID, and TOKEN_ICON_CDN_BASE_URL; the API no longer defaults upload storage to production targets.

Preview Token Icon

POST /v1/admin/token-icons/preview 
{
  "symbol": "EDGE",
  "fileName": "EDGE.svg",
  "svgBase64": "PHN2ZyB2aWV3Qm94PSIwIDAgMjQgMjQiPjwvc3ZnPg=="
}
The request accepts either svg with raw SVG text or svgBase64 with base64 SVG text. Data URLs such as data:image/svg+xml;base64,... are also accepted. cdnUrl is null when TOKEN_ICON_CDN_BASE_URL is not configured, so Retool should rely on objectPath for previews in local/unconfigured environments. Successful responses use the standard API envelope. In Retool, read the token icon fields from data.*. 
{
  "success": true,
  "data": {
    "symbol": "EDGE",
    "fileName": "EDGE.svg",
    "originalSizeBytes": 240,
    "optimizedSizeBytes": 120,
    "targetViewBox": "0 0 24 24",
    "warnings": [],
    "optimizedSvg": "<svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 24 24\"></svg>",
    "previewDataUrl": "data:image/svg+xml;base64,PHN2Zy8+",
    "objectPath": "tokenicons-scalable/tokens/background/EDGE.svg",
    "cdnUrl": "https://cdn.glider.fi/tokenicons-scalable/tokens/background/EDGE.svg"
  },
  "timestamp": "2026-05-03T00:00:00.000Z"
}

Upload Token Icon

POST /v1/admin/token-icons/upload 
{
  "symbol": "EDGE",
  "fileName": "EDGE.svg",
  "svgBase64": "PHN2ZyB2aWV3Qm94PSIwIDAgMjQgMjQiPjwvc3ZnPg==",
  "uploadedBy": "[email protected]",
  "allowOverwrite": false
}
Uploads the optimized SVG to the configured CDN bucket. Existing files are not overwritten unless allowOverwrite is true. The default uploaded Cache-Control is public, max-age=300, must-revalidate. If an existing symbol is overwritten, already-cached CDN/browser copies may remain visible until the configured max age expires. The upload response uses the same envelope as preview and adds data.upload.*, including the final bucketName, objectPath, cdnUrl, cacheControl, and overwritten flag.

Safety Limits

  • Input SVG max: 1 MB
  • Optimized SVG target: 50 KB
  • Optimized SVG hard max: 100 KB
  • Rejected: scripts, inline event handlers, embedded raster images, foreignObject, animations, <style> elements, style attributes, external references, data: references, non-fragment href/xlink:href/src attributes, and XML entity/doctype declarations.