API tokens. How to create, use and delete a permanent token

An API token is a unique identifier of an application requesting access to your account via the API.

When a permanent API token can be used

Our API documentation describes how to get a standard authorization token with a validity period of 1 hour, to update it, use the Refresh token request with a validity period of 24 hours. Such validity periods can be useful for one-time requests.

To set up an automated process for working with our CDN service (for example, automatic cache clearing), use a permanent API token, which you can create in your personal account.

Please refer to specific product API documentation in order to check if it supports permanent API tokens.

To manage services add your permanent API token after APIKey in the authorization header: 'Authorization: APIKey 7711$eyJ0eXAiOiJKV'

How to create a permanent API token?

Note! There is currently a limit of 50 API tokens per account

  1. In your Personal Account, go to Profile.
  2. Open the API Tokens section.
  3. Click Create API Token.

  4. The form for an API token creation will be opened.

  5. In the Token name field, specify the token name.
  6. In the Description field, you can enter additional information about the token. This is an optional field.
  7. In the Role section, specify the rights that are assigned to the created token.

Important! A user can create a token with a role equal to or lower than their own. This means that a user with the User role cannot create a token with the Administrators role.

  1. In the Expiration section, select the expiration date of the token:
  • Never expire means that the validity period of the token is unlimited.
  • Set expiration date option choosing this option set the expiration date of the token in the field below.


  1. Click the Create button to generate the API token. 
  2. A pop-up window with the API token will be opened.


Important! The generated token is not stored in the system. You can view it in your Personal Account only once during its creation. Copy and save the token.

  1. After you have saved the generated token, click OK, I've copied token. Information about the token will be displayed in the API Tokens section.

How to delete an API token

 Only users with the Administrators role can delete any tokens issued for the account. Users with other roles can only delete tokens that were issued only by these users.

  1. In your Personal Account, go to Profile.
  2. Open the API Tokens section.
  3. Next to the required API token, click on the three dots sign and select Delete API Token.


API Tokens section

This section displays all issued API tokens, as well as information about who issued the token,  token role, last usage, expiration date, and status.

Important! Only users with the Administrators role can see and manage all tokens issued for the account. Users with other roles can only see and manage the tokens that were issued by these users.

For a quick search, use :

  • Issued by filter for filtering by a user who issued a token
  • Role filter for filtering by the role assigned to the token
  • Status filter for filtering by token status: active/expired/deleted-filter


API token expiration notifications

API token expiration notifications are displayed in your personal account and are sent by default to users who have issued a token and to users with the Administrators role.

You can configure notifications in the Notifications section of the Profile tab.


Users are notified by email:

  • 7 days before the token expires.
  • 1 day before the token expires.

The API Tokens section will be marked with an exclamation mark if there are tokens that expire in 7 days or less.


In the SSL certificates section, special signs will appear next to certificates that need attention: 

  • If the token expires in 7 days or less.

  • If the token has already expired.

  • If the token is deleted


An API token and SSO

When logging in via SAML SSO, our system does not have information about the status of the permissions granted to the user by the provider.

Even if the provider revoked the user's access rights, their tokens will remain active for account management.

Important! If you need to restrict access via a permanent API token for a user with SSO authorization, delete the required token from your Personal Account.

Was this article helpful?
Recently viewed articles