What is an API Token?
An API token is a unique, generated string that acts as a digital key, verifying an application's identity and permissions when accessing an API. It enables secure communication between applications and APIs, ensuring only authorized requests are processed.
What’s New:
Org Admins can now create API tokens directly from their Org-level Profile menu. To open it, click the user avatar in the top right corner and select “Profile”.
Next, click the “API Tokens” tab on the left-hand side of your Profile interstitial, then click “Create API Token” on the upper right-hand side to create a token.
Token Scope & Visibility
API tokens are inherently scoped to the specific user and organization within which they are generated, ensuring data isolation and security. If a user belongs to multiple organizations, they will have a separate set of tokens for each. Tokens created for one organization cannot be seen or used in another, preventing data from being shared across organizations. These tokens do not expire, and users can create new tokens as needed for continuous access.
Token Deprovisioning
If a user is removed from an organization, all of that user's API tokens associated with that organization are immediately revoked, severing any external access granted through those tokens. Any tokens the user holds for other organizations remain valid as long as the user maintains access to those organizations, so the revocation is strictly limited to the organization from which they were removed.
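The scoping and deprovisioning rules described above, modeled as an added Python example; it is not the product's implementation, and the TokenStore class, its methods, and the sample user and organization names are all hypothetical. Storing only a SHA-256 digest of each token is an assumption of this sketch, not something the page states.

```python
import hashlib
import secrets


class TokenStore:
    """Toy model of user- and org-scoped API tokens (hypothetical names)."""

    def __init__(self):
        self.members = set()  # (user, org) pairs that currently have access
        self.tokens = {}      # sha256(token) -> (user, org); no expiry field

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def add_member(self, user, org):
        self.members.add((user, org))

    def create_token(self, user, org):
        if (user, org) not in self.members:
            raise PermissionError("user is not a member of this organization")
        token = secrets.token_urlsafe(32)
        self.tokens[self._digest(token)] = (user, org)  # keep only the digest
        return token

    def authorize(self, token, org):
        """True only if the token exists and was issued for this org."""
        owner = self.tokens.get(self._digest(token))
        return owner is not None and owner[1] == org and owner in self.members

    def remove_member(self, user, org):
        """Deprovision: revoke this user's tokens for this org, nothing else."""
        self.members.discard((user, org))
        self.tokens = {d: o for d, o in self.tokens.items() if o != (user, org)}


def demo():
    """Constructed scenario: one user, two orgs, removed from the first."""
    store = TokenStore()
    store.add_member("alice", "org-a")
    store.add_member("alice", "org-b")
    t_a = store.create_token("alice", "org-a")
    t_b = store.create_token("alice", "org-b")
    before = (store.authorize(t_a, "org-a"), store.authorize(t_a, "org-b"))
    store.remove_member("alice", "org-a")
    after = (store.authorize(t_a, "org-a"), store.authorize(t_b, "org-b"))
    return before, after
```

`demo()` returns `((True, False), (False, True))`: the org-a token never works against org-b, and removing the user from org-a revokes only the org-a token.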