Managing API tokens
The content of this page might not be fully up-to-date with Strapi 5 yet.
- Administrators can create, read, update, or delete API tokens only if proper permissions are granted (see Configuring administrator roles).
- The Global settings > API Tokens sub-section of the settings interface is accessible in the admin panel only if the API tokens > Read permission is granted.
API tokens allow users to authenticate REST and GraphQL API queries (see Developer Documentation). Administrators can manage API tokens from Settings > Global settings > API Tokens.
The API Tokens settings sub-section displays a table listing all of the created API tokens.
The table displays each API token's name, description, date of creation, and date of last use. From the table, administrators can also:
- Click on the to edit an API token's name, description, type, duration or regenerate the token.
- Click on the to delete an API token.
Creating a new API token
To create a new API token:
-
Click on the Create new API Token button.
-
In the API token edition interface, configure the new API token:
Setting name Instructions Name Write the name of the API token. Description (optional) Write a description for the API token. Token duration Choose a token duration: 7 days, 30 days, 90 days, or Unlimited. Token type Choose a token type: Read-only, Full access, or Custom. -
(optional) For the Custom token type, define specific permissions for your API endpoints by clicking on the content-type name and using checkboxes to enable or disable permissions.
-
Click on the Save button. The new API token will be displayed at the top of the interface, along with a copy button.
For security reasons, API tokens are only shown right after they have been created. When refreshing the page or navigating elsewhere in the admin panel, the newly created API token will be hidden and will not be displayed again.
Regenerating an API token
To regenerate an API token:
- Click on the API token's edit button.
- Click on the Regenerate button.
- Click on the Regenerate button to confirm in the dialog.
- Copy the new API token displayed at the top of the interface.