Skip to main content
API Tokens are an alternative authentication method to the main production keys. Where your production keys authenticate all requests from your account broadly, API tokens let you create named, scoped credentials tied to a specific app. This is useful when you have multiple integrations and want granular control over which credential authenticates which integration or when you want to issue credentials to third-party partners or contractors without sharing your master keys.

Creating a token

Click Create Token. Fill in two fields: Token name: A descriptive label that identifies what this token is used for, for example, “mobile app, production” or “partner integration, vendor”. Use names that make it immediately clear which integration or team member this token belongs to, so you can manage and revoke tokens cleanly. Select app: Choose which of your configured apps this token is associated with. The token will authenticate requests attributed to that app. Click Create Token to generate it. Copy the token value immediately when it is first shown, for security reasons; the full token value is only displayed once at creation. After that, only the masked version is visible.

Managing tokens

Rotate tokens on a regular schedule or immediately if you suspect a token has been exposed. To rotate a token, delete the existing one and create a new one. Update any integration using the old token before deleting it to avoid service interruption.