API Access Tokens

Individualized organization API access tokens can be found on the account page (requires login). Access tokens are used to authenticate with the Zonké API and are necessary for all API requests. Manage these tokens securely to prevent unauthorized API access.

Token Composition and Scope

API access tokens are composed of an access key and access token. The access key is a unique identifier for the organization, while the access token is unique to the user generating the token. The access key is scoped to the organization it is generated for, and the access token is scoped to the user. A user can only perform actions within the scope of their access token, ensuring security and limited access to resources.

Obtaining Access Tokens

To obtain your API access tokens, follow these steps:

1. Navigate to the account page.
2. Locate the organization you want API access to.
3. Copy the access key and token for the organization.
4. Ensure to store your tokens securely, and do not share them publicly.

Rotating Access Tokens

If you suspect that your API access tokens have been compromised, you can rotate them by following these steps:

1. Navigate to the account page.
2. Locate the organization you want to rotate the access tokens for.
3. Click the Rotate button next to the access token.
4. Type 'rotate' in the confirmation dialog and click Rotate.
5. After rotating the access token, update your API requests with the new token.