Access Tokens

Access tokens are required to authenticate API calls to Autheona. Each project can have multiple access tokens with different expiration dates.

What Are Access Tokens

Access tokens are credentials that authorize your application to call the Autheona API for a specific project. Each token is unique and tied to a single project.

Important Security Notes:

  • Tokens are only shown once at creation
  • Store tokens securely (use environment variables)
  • Never expose tokens in frontend code
  • Never commit tokens to version control

Creating an Access Token

  1. Open your project page
  2. Click the Settings button
  3. Navigate to the Access Tokens section
  4. Click the Create Token button
  5. A modal appears with two fields:
    • Expiration Date - Choose from:
      • 30 days
      • 90 days
      • 365 days
      • Never expire
    • Description - Optional note about token usage (e.g., "Production Server", "Testing Environment")
  6. Click create
  7. Copy the token immediately - This is the only time you will see it

After closing the creation modal, the token appears in the token list but the actual token value is hidden.

Token Details You Cannot Change

After creating a token, you cannot modify:

  • Expiration date
  • Description

If you need different settings, create a new token and revoke the old one.

Viewing Access Tokens

In the Access Tokens section, you can see:

  • Token description
  • Creation date
  • Expiration date
  • Last used date (if applicable)

The actual token value is never displayed again after creation.

Revoking an Access Token

If a token is compromised or no longer needed:

  1. Go to the Access Tokens section in project settings
  2. Find the token in the list
  3. Click the Revoke button
  4. Confirm revocation

Revoked tokens:

  • Stop working immediately
  • Cannot be recovered
  • Are permanently deleted
  • Break any integrations using that token

Token Limits

There is no limit on the number of access tokens you can create per project.

Best Practices

  • Create separate tokens for different environments (development, staging, production)
  • Use descriptive names in the description field
  • Set expiration dates for tokens used in temporary or testing scenarios
  • Use "never expire" only for production tokens
  • Rotate tokens periodically for security
  • Revoke unused tokens immediately
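
The best practices above, applied to a token inventory, as an added example (not Autheona code). The TokenRecord fields mirror the columns shown in the Access Tokens list; the inventory is assumed to be transcribed by hand, and the thresholds and the rule that production tokens carry "production" in their description are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Thresholds are assumptions for this example, not Autheona defaults.
MAX_AGE = timedelta(days=90)         # rotate tokens older than this
MAX_IDLE = timedelta(days=30)        # treat tokens idle this long as unused
EXPIRY_WARNING = timedelta(days=14)  # warn this far ahead of expiration

@dataclass
class TokenRecord:
    description: str
    created: date
    expires: Optional[date]    # None means "Never expire"
    last_used: Optional[date]  # None means the token was never used

def audit(tokens, today):
    """Return {description: [findings]} for tokens that need action."""
    report = {}
    for t in tokens:
        findings = []
        if t.expires is not None and t.expires <= today:
            findings.append("expired")
        elif t.expires is not None and t.expires - today <= EXPIRY_WARNING:
            findings.append("expires-soon")
        # Assumed convention: production tokens say so in the description.
        if t.expires is None and "production" not in t.description.lower():
            findings.append("never-expires-non-production")
        if today - t.created > MAX_AGE:
            findings.append("rotation-due")
        # A token that was never used is measured from its creation date.
        if today - (t.last_used or t.created) > MAX_IDLE:
            findings.append("unused")
        if findings:
            report[t.description] = findings
    return report

# Constructed sample inventory; no token values are stored, only metadata.
SAMPLE = [
    TokenRecord("Production Server", date(2024, 1, 10), None, date(2024, 5, 30)),
    TokenRecord("Testing Environment", date(2024, 5, 1), None, None),
    TokenRecord("Staging", date(2024, 5, 20), date(2024, 6, 10), date(2024, 6, 1)),
    TokenRecord("Development", date(2024, 5, 25), date(2024, 8, 23), date(2024, 5, 31)),
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE, date(2024, 6, 1)).items():
        print(name, "->", ", ".join(findings))
```
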

If You Lose a Token

There is no way to recover a lost token. You must:

  1. Create a new access token
  2. Update your application with the new token
  3. Revoke the lost token (if you remember which one it was)