Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.time2.bike/llms.txt

Use this file to discover all available pages before exploring further.

A timing session token is a scoped, revocable credential a director generates for a single session. Volunteers redeem it by scanning a QR code or opening a time2.bike/timing/join?token=… link. No password, no rider account required. Token QR

Issue a token

  1. Open the session as an admin.
  2. Click Tokens in the toolbar.
  3. Click Issue new token and fill in:
    • Label — for your own reference (“Finish line phone #1”).
    • Roles — any combination of view, timer, marshal, admin, refund (see Roles).
    • Expires in — number of hours from now.
    • Allowed races — optionally restrict the token to specific races within the session.
  4. Click Create.
You see the raw token and the QR code once. Copy / screenshot / print before closing the dialog — the raw value is never shown again.

Volunteer experience

The volunteer opens the QR code on their phone. They land on /timing/join?token=tt_[hex], see a confirmation card with org / event / session / role / expiry, and tap Continue. The token is stored in the browser’s localStorage; subsequent visits to the operator screen are automatic. Join page

Revoke

In the token list, click Revoke on any active token. The next API call from that token returns “session not found”. Re-issue if needed.

What tokens can’t do

Scoped tokens cannot:
  • Create new sessions (admin org members only).
  • Delete a session.
  • Issue more tokens (unless the token has admin role).
  • Touch other events in the org.
The system enforces this on every API call by URL-prefix matching the token’s scope.