An API token is a unique identifier of an application requesting access to your account via the API.
Our API documentation describes how to get a standard authorization token with a validity period of 1 hour, to update it, use the Refresh token request with a validity period of 24 hours. Such validity periods can be helpful for one-time requests.
To set up an automated process for working with our CDN service (for example, automatic cache clearing), use a permanent API token, which you can create in your personal account.
Please refer to the specific product API documentation to check if it supports permanent API tokens.
To manage services add your permanent API token after APIKey in the authorization header: 'Authorization: APIKey 7711$eyJ0eXAiOiJKV'
Note: There is currently a limit of 50 API tokens per account
1. In the Gcore Customer Portal, go to Profile.
2. Open the API tokens section.
3. Click Create API token.
The form for an API token creation will be opened.
4. In the Token name field, specify the token name.
5. (optional) In the Description field, you can enter additional information about the token. This is an optional field.
6. In the Role section, specify the rights that are assigned to the created token.
Important: A user can create a token with a role equal to or lower than their own. This means that a user with the User role cannot create a token with the Administrators role.
7. In the Expiration section, select the expiration date of the token:
8. Click the Create button to generate the API token.
A pop-up window with the API token will be opened.
9. The generated token is not stored in the system**_._** You can view it in your Personal Account only once during its creation. Copy and save the token.
10. After you have saved the generated token, click OK, I've copied token. Information about the token will be displayed in the API tokens section.
Only users with the Administrators role can delete any tokens issued for the account. Users with other roles can only delete tokens that were issued only by these users.
1. In your Personal Account, go to Profile. 2. Open the API tokens section. 3. Next to the required API token, click on the three dots sign and select Delete API token.
This section displays all issued API tokens, as well as information about who issued the token, token role, last usage, expiration date, and status.
Important: Only users with the Administrators role can see and manage all tokens issued for the account. Users with other roles can only see and manage the tokens that were issued by these users.
For a quick search, use:
API token expiration notifications are displayed in your personal account and are sent by default to users who have issued a token and to users with the Administrators role.
You can configure notifications in the Notifications section of the Profile tab.
Users are notified by email:
The API Tokens section will be marked with an exclamation mark if there are tokens that expire in 7 days or less.
When logging in via SAML SSO, our system does not have information about the status of the permissions granted to the user by the provider.
Even if the provider revoked the user's access rights, their tokens will remain active for account management.
Important: If you need to restrict access via a permanent API token for a user with SSO authorization, delete the required token from your Personal Account.
Was this article helpful?