What is a permanent API token and when it can be used
An API token is a unique identifier of an application requesting access to your account via the API.
Our API documentation describes how to get a standard authorization token with a validity period of 1 hour, to update it, use the Refresh token request with a validity period of 24 hours. Such validity periods can be useful for one-time requests.
To set up an automated process for working with our CDN service (for example, automatic cache clearing), use a permanent API token, which you can create in your personal account.
Please refer to specific product API documentation in order to check if it supports permanent API tokens.
To manage services add your permanent API token after APIKey in the authorization header: 'Authorization: APIKey 7711$eyJ0eXAiOiJKV'
Create a permanent API token
Note! There is currently a limit of 50 API tokens per account
1. In your Personal Account, go to Profile.
2. Open the API tokens section.
3. Click Create API token.
The form for an API token creation will be opened.
4. In the Token name field, specify the token name.
5. (optional) In the Description field, you can enter additional information about the token. This is an optional field.
6. In the Role section, specify the rights that are assigned to the created token.
Important! A user can create a token with a role equal to or lower than their own. This means that a user with the User role cannot create a token with the Administrators role.
7. In the Expiration section, select the expiration date of the token:
- Never expire means that the validity period of the token is unlimited.
- Set expiration date option choosing this option set the expiration date of the token in the field below.
8. Click the Create button to generate the API token.
A pop-up window with the API token will be opened.
9. The generated token is not stored in the system. You can view it in your Personal Account only once during its creation. Copy and save the token.
10. After you have saved the generated token, click OK, I've copied token. Information about the token will be displayed in the API tokens section.
Delete an API token
Only users with the Administrators role can delete any tokens issued for the account. Users with other roles can only delete tokens that were issued only by these users.
- In your Personal Account, go to Profile.
- Open the API tokens section.
- Next to the required API token, click on the three dots sign and select Delete API token.
API tokens section
This section displays all issued API tokens, as well as information about who issued the token, token role, last usage, expiration date, and status.
Important! Only users with the Administrators role can see and manage all tokens issued for the account. Users with other roles can only see and manage the tokens that were issued by these users.
For a quick search, use :
- Issued by filter for filtering by a user who issued a token
- Role filter for filtering by the role assigned to the token
- Status filter for filtering by token status: active/expired/deleted-filter
API token expiration notifications
API token expiration notifications are displayed in your personal account and are sent by default to users who have issued a token and to users with the Administrators role.
You can configure notifications in the Notifications section of the Profile tab.
Users are notified by email:
- 7 days before the token expires.
- 1 day before the token expires.
The API Tokens section will be marked with an exclamation mark if there are tokens that expire in 7 days or less.
An API token and SSO
When logging in via SAML SSO, our system does not have information about the status of the permissions granted to the user by the provider.
Even if the provider revoked the user's access rights, their tokens will remain active for account management.
Important! If you need to restrict access via a permanent API token for a user with SSO authorization, delete the required token from your Personal Account.