Skip to main content

Managing API tokens

🏗 Work in progress

The content of this page might not be fully up-to-date with Strapi 5 yet.

☑️ Prerequisites
  • Administrators can create, read, update, or delete API tokens only if proper permissions are granted (see Configuring administrator roles).
  • The Global settings > API Tokens sub-section of the settings interface is accessible in the admin panel only if the API tokens > Read permission is granted.

API tokens allow users to authenticate REST and GraphQL API queries (see Developer Documentation). Administrators can manage API tokens from Settings icon Settings > Global settings > API Tokens.

API tokensAPI tokens

The API Tokens settings sub-section displays a table listing all of the created API tokens.

The table displays each API token's name, description, date of creation, and date of last use. From the table, administrators can also:

  • Click on the edit button to edit an API token's name, description, type, duration or regenerate the token.
  • Click on the delete button to delete an API token.

Creating a new API token

To create a new API token:

  1. Click on the Create new API Token button.

  2. In the API token edition interface, configure the new API token:

    Setting nameInstructions
    NameWrite the name of the API token.
    Description(optional) Write a description for the API token.
    Token durationChoose a token duration: 7 days, 30 days, 90 days, or Unlimited.
    Token typeChoose a token type: Read-only, Full access, or Custom.
  3. (optional) For the Custom token type, define specific permissions for your API endpoints by clicking on the content-type name and using checkboxes to enable or disable permissions.

  4. Click on the Save button. The new API token will be displayed at the top of the interface, along with a copy buttoncopy button.

Custom API tokenCustom API token
Caution

For security reasons, API tokens are only shown right after they have been created. When refreshing the page or navigating elsewhere in the admin panel, the newly created API token will be hidden and will not be displayed again.

Regenerating an API token

To regenerate an API token:

  1. Click on the API token's edit button.
  2. Click on the Regenerate button.
  3. Click on the Regenerate button to confirm in the dialog.
  4. Copy the new API token displayed at the top of the interface.