You use API tokens to authenticate yourself when you make authorized API connections. Previously called an OAuth Refresh token, an API token authorizes access per organization.

A token is valid for six months, after which time you must regenerate it if you want to continue using APIs that rely on a token. If you feel the token has been compromised, you can revoke the token to prevent unauthorized access. You generate a new token to renew authorization.

You can regenerate a token at any time. If you regenerate a token, you revoke all instances of the previous token. If you have used the token, for example in one of your scripts, remember to replace it with the newly generated token.


  1. On the Cloud Services Console toolbar, click your user name and select My Account > API Tokens.
  2. Enter a name for the token.
  3. Specify the lifespan of the token.
  4. Define scopes for the token.

    Scopes provide a way to implement control over what areas in an organization your token can access - specifically which role in an organization, and what services and the level of permissions. If required, you can select All Roles and give your token access to all the organization and service roles.

  5. Select the Open ID check box to get information about the users that authorize your app.
  6. Click Generate.
  7. Save the token credentials to a safe place so you can retrieve them to use later on.
    For security reasons, after you generate the token, we only display the name of the token on the API Tokens page and not the token credentials. This means that you will no longer be able to reuse the token by copying the credentials from this page.
  8. Click Continue.
    In addition to API tokens, you can use OAuth apps to authenticate your applications. To see when to use OAuth apps instead of API tokens, see What Is the Difference Between OAuth Apps and API Tokens.