2. Integration Credentials (API Tokens)

API Tokens Overview

API tokens are long-lived authentication credentials designed for secure server-to-server integrations, automated processes, and third-party applications. Unlike regular session tokens, API tokens remain valid for extended periods (10 years by default) and are ideal for scenarios where persistent authentication is required.

Complete API Token Lifecycle

The scenarios in this section cover the complete lifecycle of API tokens:

• Creation: Generate new API tokens for integrations and automated processes

• Management: List and audit your active tokens for security monitoring

• Rotation: Replace existing tokens with new ones without service interruption

• Deletion: Revoke tokens that are no longer needed or may be compromised

Key Benefits of API Tokens

• Long-lived authentication: Valid for 10 years by default, eliminating frequent re-authentication

• Simplified integration: Use the same authentication mechanism across all API endpoints

• Separation of concerns: Create dedicated tokens for different integrations or services

Security Best Practices

• Store tokens securely using environment variables or secrets management systems

• Implement regular token rotation as part of your security maintenance

• Audit and revoke unused tokens to minimize your attack surface

Common Use Cases

• Scheduled automation: Background jobs, periodic data synchronization, or batch processing

• Third-party integrations: Connecting external systems or services to Circularo

API tokens inherit all permissions from the creating user.

All API token operations can be performed using either a regular session token (obtained via login) or an existing API token with appropriate permissions.