REST API central token management

API token management allows control over who can create user tokens to access REST API and provides you with a clear view regarding who has access to which API.

How to use REST API central token management

To access Bob's APIs, a user needs to create an API token. Only users with the necessary permissions are able to generate API tokens.

To generate an API token:

1. Click your profile picture, and then select API access.
2. Click Generate token.
3. Define the scope of access by marking the desired actions to include in the token

Notes:

• A user can have only one API token which is automatically revoked when they leave the company.
• API token access levels are in accordance with bob user permissions, meaning an admin's token will have full access to all APIs for example.

To revoke an API token:

1. Click your profile picture, and then select API access.
2. Click Delete token.

Managing tokens

To manage your organization's tokens:

1. From the left menu, select Settings > Integrations.
2. Select Automation.
3. Click the Manage on the Rest API thumbnail.

Note: Here you’ll see the API access tokens created with information on who created the token. You can click to Revoke Token, view and manage the token's access scope.

Permissions

API user tokens can be created only by users who are given permission to do so through Permission Groups.

To set API token creation permissions:

1. From the left menu, select Settings > Roles and Permissions.
2. Click Manage on the desired permission group thumbnail.
3. Select the Company thumbnail at the top.
   The API Access category will be open by default
4. Adjust as desired to allow or disallow access to Manage REST API token.