What are Account API Tokens?
API tokens grant access to update data in all the projects of your account. It should be kept privately, like any other credentials, but stronger since it controls all your accounts
Only Account Administrator can see the API Token screen through the Account Settings.
For more information on how to use the api tokens via the API goto API General page.
What is the API Token name for?
Api Tokens have names so you can remember to who / what you gave access via the api tokens.
API Tokens that start with underscore are reserved for specific use / specific integration. Don’t use them unless it’s for a specific reason (followed by our instructions).
Since you can create as many api_tokens as needed, rename them, disable and enable them, it is a best practice to give different api_tokens to different (code) purposes / business needs. Once you may have different business needs, or you’ll need to disable one of the functionality, it will be easier for your to just disable one API_Token at a time
Your API Tokens should be kept private, like any other credentials:
- Never send your API Token via an email
- If you’re writing a script or program that accesses the API, do not pass the token in cleartext (use HTTPS exclusively)
- Give specific API usage different API Tokens with an explicit name.
- If you suspect that your API token has been compromised, or you’re not sure for what reason it is used – Delete or Disable it.