API tokens

Making an API request to access MK.IO services requires a token for authentication.

An API (Application Programming Interface) token is a unique character string that carries information on the user. It acts like a key that tells the API who you are and what you are allowed to do. Using an API token ensures that only authorized users and applications can use the API services.

The personal token contains the following information:

  • the identity of the user,
  • the identity of the organization,
  • the token type and expiration date,
  • (optionally a set of permissions if the token only grants a subset of the user's permissions).

Create a personal API token

Any user can create a personal token:

  1. From your profile drop-down menu in the top right corner, click your email, then navigate to the Your personal API tokens section.
  2. Click Add Token then enter a description and the expiration date (UTC time).
  3. Click Add Token.
  4. Once created, the token must be copied in a secure place as it’s only visible for 5 minutes.

View tokens

  • As a user, you can only see the tokens that you created: from your profile drop-down menu in the top right corner, click your email, then navigate to the Your personal API tokens section.
  • As an Admin, you can view all the API tokens and their creators: from the profile drop-down menu, in the top right corner, navigate to Organization Settings then select Api tokens.

Revoke an API token

For each token in the list, you can use the action button at the right of the line to either view the token details or revoke the token.