Create an API token
Only workspace admins can create and revoke API tokens.
Open the API settings
In the agent console, go to Settings → API (under the Workspace
section of the settings sidebar).
Create a token
Select Create token and name it after the system that will use it,
for example
CRM integration or Order notifications. Names make it
clear what breaks when a token is revoked later.Copy the token
The full token is shown once, immediately after creation. Copy it and
store it in your secret manager. After you close the dialog, only the
token’s prefix (for example
adraa_1a2b3c4d…) remains visible.Use the token
Send the token as a bearer token in theAuthorization header on every request:
401 with the code MISSING_TOKEN or INVALID_API_TOKEN.
Revoke a token
Revoke a token from the same Settings → API page. Revocation is immediate: the next request with that token fails with401 INVALID_API_TOKEN. Revoked tokens stay in the list for audit purposes and cannot be re-enabled — create a new token instead.
Keep tokens safe
- Store tokens in environment variables or a secret manager, and call the API only from your backend.
- Create one token per integration so each can be revoked independently.
- Revoke tokens you no longer use. The last used timestamp on the settings page shows which tokens are still active.
- If a token leaks, revoke it immediately and create a replacement.