API Tokens
Workspace API tokens are meant to be used for programmatic management, such as archiving inactive Reports or deleting schedules for stale Reports across your Workspace. These tokens mimic admin access to the Workspace and only admins will be able to create and manage them.
To generate a new API token, you must be an admin of your Workspace.
Navigate to . Click the “gear” icon and select “Create new API token”. You will be prompted to add a display name and save the token. Ensure you save the credentials securely.
| Remember to store your API token and password securely. Do not expose the password on public sites, in client-side code, or in public code repositories. |
The credentials are comprised of two parts:
-
Token: The public component of the credential. Often referred to as the username or access key during authentication.
-
Secret: The private component of the credential. Often referred to as the password or access secret during authentication. This is only shown once when creating the token and must be saved somewhere secure before closing the modal.
Workspace API tokens are set to expire after 90 days by default. The expiration can be updated by clicking the “gear” icon and selecting Token expiration settings. To revoke all tokens, select Revoke all tokens… and confirm the action.
Admins will be able to see the following for all active, revoked, and expired API tokens already generated:
-
Who the token was created by.
-
When the token was last used.
-
When the token is set to expire.
Limitations:
-
Granular permissions are not currently supported with the Workspace API tokens; they allow admin access to the Workspace for now.
