Skip to main content

Create an API token to use Level Access API

  • Updated

To use Level Access’s public API, add and configure an API token. We recommend saving the API token to a secure file or password manager.

On this page: 

What is an API token

An API token is a unique identifier used to authenticate a user, application, or service when interacting with an API (Application Programming Interface). 

API tokens have the following characteristics: 

  • Authentication: Confirms the identity of the requester.
  • Authorization: Grants specific permissions or access levels.
  • Security: Aids in protection of sensitive data and operations.
  • Expiration & Scope: May have time limits and defined access boundaries.

Generate a new API token

This API token allows you to use Level Access’s public API. You must name it, and define the period during which the key is active.  We recommend saving the API key somewhere like a password manager or downloading the .txt file, so you don't have to generate a new one each time you use the app.

Note:

  • API keys are only valid for the configured period of time. Maximum duration is 365 days as per standard security guidelines. 
  • API keys are user-specific. They can be generated by organization admins or users that have the API Token Manager role. 
  • You can access an API key only when you generate it. Be sure to save it immediately, as it won't be viewable in the platform later.

To generate an API token:

  1. Navigate to the organizational level. 
  2. Under Manage, select Tools & Integrations, and then API.
  3. Select +Add new API key. A new panel is displayed. 
  4. Under Key name*, enter a name for the key.
  5. Under Expiration period*, select one of the available options: 
    • 180 days: This option is recommended for most use cases. 
    • 30 days: Grants you short term access. 

    • Custom period. To complete the configuration, select the desired Expiry date*.  

      Note: Custom period allows you to select a specific number of days during which the token remains active. The date range is defined by two dates, the date when you generate the token, and the date of the token expiration.

  6. Select Generate API key. The API token panel is displayed. It informs you that this API token (also referred to as API key) should be treated as a password. It will not be displayed again once you leave the panel and must be copied and stored securely.   
  7. Select  Copy API token.
  8. Paste the API token to a secure file or password manager, where you can retrieve it in the future. 
  9. Select Done. The token is now listed on the API tab of Tools and Integrations. Its status is shown as Active.

Revoke a generated API token

If you revoke an API token, any applications or services using the token will no longer function. 

To revoke a generated API token: 

  1. Navigate to the organizational level. 
  2. Under Manage, select Tools & Integrations, and then API.
  3. Select the token you want to revoke, and then select Revoke. A warning about applications and services using the token is displayed. 
  4. Select Revoke API key again, to confirm your choice. The token is revoked, but remains listed on the API tab. Its status is shown as Revoked.

Notifications about API token expiry

Platform users that manage API integrations receive timely notifications about their API token expiry. Note the following notification guidelines:

  • Notifications are sent three times, 15 and 7 days before token expiry, and on the day of expiry (final notification).

  • They contain token name, expiry date, and a link to the API token management page.

  • They are delivered by email (to the user’s configured address).

  • Final expiry notifications informs the user the token has expired and provides instructions to renew or replace the token.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.