def post(self, request, sentry_app):
        if not sentry_app.is_internal:
            return Response(
                "This route is limited to internal integrations only",
                status=status.HTTP_403_FORBIDDEN,
            )

        sentry_app_installation = SentryAppInstallation.objects.get(sentry_app=sentry_app)
        try:
            api_token = Creator.run(
                request=request, sentry_app_installation=sentry_app_installation, user=request.user
            )
        except ApiTokenLimitError as e:
            return Response(str(e), status=status.HTTP_403_FORBIDDEN)

        # hack so the token is included in the response
        attrs = {"application": None}
        token = ApiTokenSerializer().serialize(api_token, attrs, request.user)

        if not sentry_app.show_auth_info(request.access):
            token["token"] = MASKED_VALUE
            token["refreshToken"] = MASKED_VALUE

        return Response(token, status=201)