Home

    Managing an API Token for your Account

    Thursday, October 5, 2023In: Account & User Settings Print

    About API Tokens

    This article describes the use of API Tokens, based on OAuth 2.0 authentication protocol, as a means to access our APIs

    IMPORTANT: Your API token needs to be treated as securely as any other type of password. Make sure to store this token in a safe and secure location.  

    Rules for Using API Tokens

    You must update your API scripts with our new domain.
    • Tokens will automatically expire and be deleted after 180 days (regardless of whether the token was in use, or not). Once expired and deleted, the token will not be available to the user, and the user account will not have access to our APIs. Therefore, API tokens must be revoked and regenerated, before they expire.
    • Only one API token can exist, for any user, at any one time.
    • After generating a new API token, insert the new access key generated, into the script in the API. See our API documentation
    • API tokens are cross-regional (one API token for all regions). The user’s access is determined by his role and the Business Units he belongs to. 
    • If you need to disable the API Token option (to limit access by users), contact support. 

    Creating an API Token

    NOTE: If the API token options aren't available on your profile, contact your Master Admin. 

    Creating an API Token for Accounts without SSO

    To create an API token for a user account without SSO:

    1. Sign in to your  account              
      (see Signing In).
    2. From the user dropdown menu on the upper right-hand corner, go to Edit Profile.  

    1. At the bottom of the API Token section, click Generate

    1. The New API Token dialog box appears.           

                
       
    2. The newly generated personal API Token appears (hidden) in the field.            
      If you want to view the hidden API token string, click the view icon (optional)
    3. Click Copy to copy the token into your clipboard.    
    NOTE: For security reasons, the token appears only once. You are not able to see the token again, after the dialog box closes! Therefore, make sure to store the token in a safe and secure location. 
    1. An email will be sent to the user, confirming the creation of a new API Token.                    
    2. After generating a new API token, insert the new access key generated into the script in the API. See our API documentation.
    IMPORTANT: The legacy API access authentication mechanism (using a username and password) will be supported until April 30, 2024. After this date, any scripts using this mechanism will no longer work. 

    Creating an API Token for Accounts with SSO

    NOTE: The procedure described below does not affect your account configuration. Your account continues to be accessible with SSO.   

    To create an API token for a user account with SSO:

    1. Sign in to your account (see Signing In).
    2. From the user dropdown menu on the upper right-hand corner, go to Edit Profile.  

    1. At the bottom of the API Token section, click Generate

    1. A popup window appears. Read the instructions carefully.           

    To generate an API Token, you will have to authenticate with a password, as described:

    1. If you don’t have an account password, or if it has expired, click the Reset Password link, and follow the on-screen instructions. For more information on resetting passwords, see Resetting Passwords.

    NOTE: At the end of the reset password process, the system will attempt to log you in automatically. However, since your account is configured with SSO, you will see the following error message.


    Please ignore this error message, and return to the Edit Profile page.
    NOTE: Regardless of the fact that you have now defined a new username and password, your SSO configuration will not be affected. You should still be able to log in via SSO. 

    1. If you already have a password, click Continue

    2. Enter your account login credentials in the sign-up page, where you will be redirected.  

    1. Once authenticated, you will be returned to the New API Token window, where a new API Token will be provided.

     
     

    1. The newly generated personal API Token appears (hidden) in the field.

    If you want to view the hidden API token string, click the view icon (optional). 

    1. Click Copy to copy the token into your clipboard.
    2. An email will be sent to the user, confirming the creation of a new API Token.
    3. After generating a new API token, insert the new access key generated, into the script in the API. See our API documentation.         
    IMPORTANT: The legacy API access authentication mechanism (using a username and password) will be supported until April 30, 2024. After this date, any scripts using this mechanism will no longer work. 

    Revoking an Existing API Token        

    NOTE: Do not confuse revoking an API token in the application with revoking an OAuth token in Salesforce, which is a different procedure serving a different purpose.  For information on how to revoke OAuth tokens in Salesforce, see here.

    To replace an existing API Token in your account, you must first revoke the existing API token (since only one API token can exist at any given time, for any user). 

    1. Sign in to your account (see Signing In).
    2. From the user dropdown menu on the upper right-hand corner, go to the Edit Profile page, and click Revoke.

    1.  The Revoke API token confirmation dialog box appears.

    1. Read the warning message, and then click Revoke, to confirm revoking the API token.
    NOTE: Revoking an API Token is not reversible, and the API token is revoked across all of your regions.
    1. You receive an email message confirming that your API token has been revoked.

     

     


     

    « Previous ArticleNext Article »


    Contact Us

    Sometimes you just want to talk to someone. Our customer support team is available by phone:
    Request a Technical Support Call Back

    Submit a Ticket