Skip to main content

How to Use the Self-Service API Key

What self-service API tokens are and how to use them in the Flowcode 2 platform

Updated over a month ago

What is an API Token?

An API token is a unique, generated string that acts as a digital key, verifying an application's identity and permissions when accessing an API. It enables secure communication between applications and APIs, ensuring only authorized requests are processed.

What’s New:

Org Admins now have the ability to create API tokens directly from their Org-level Profile menu. This can be found by clicking on the user avatar in the top right corner and selecting “Profile”:

Next, click on the “API Tokens” tab on the left-hand side of your Profile interstitial and then "Create API Token" on the upper right-hand side to create:

Token Scope & Visibility

API tokens are inherently scoped to the specific user and organization within which they are generated, ensuring data isolation and security. If a user belongs to multiple organizations, they will have separate sets of tokens for each. Tokens created for one organization cannot be seen or used in another, preventing data from being shared across organizations. These tokens do not expire, and users can create new tokens as needed for continuous access

Token Deprovisioning

If a user is removed from an organization, all API tokens associated with that organization are immediately revoked, severing any external access granted through those tokens. Conversely, any tokens the user holds for other organizations will continue to be valid, as long as they maintain access to those respective organizations, thus ensuring that the revocation is strictly limited to the organization from which they were removed

Did this answer your question?