/
Authentication tokens
Document toolboxDocument toolbox

Authentication tokens

Owned by Former user (Deleted)
Last updated: Aug 05, 2025 by Laszlo FrazerVersion comment
[ 1 Overview ] [ 2 What permissions do I need? ] [ 3 Create a new token ] [ 4 Manage tokens ] [ 5 Filter tokens ] [ 6 Important considerations ]

Overview

In the Administration → Credentials → Tokens area, you can manage the existing tokens in your domain or generate new ones. You can create tokens to authorize requests to our Devo APIs or to send data using an HTTP endpoint.

OData tokens

Apart from the tokens generated in this area, this area also displays the OData tokens generated in the search window. Learn more about OData feeds in this article.

10_Authentication tokens.png

What permissions do I need?

All domain users can access this area. Management capabilities depend on having the 'Manage' level of the API Credentials permission, which allows users to create, modify, and delete tokens.

According to the Role-Based Access Control (RBAC) model, only token owners (the user who created the token) and authorised users (the recipient of the token) can view the token value. Other users will see the token value in a hashed format: tk.<token_hash>.<last_5_characters_of_the_token>.

5_Authentication tokens.png

Use cases:

  • Manage API Credentials + Owner or authorized user: Users with these conditions will be able to view and manage their tokens in the domain.

80_Authentication tokens.png

  • Manage API Credentials + Not owner or authorized user: Users with these conditions will be able to view and manage the list of domain tokens. However, the value of tokens they do not own or are not authorised to access will appear hashed as tk.<token_hash>.<last_5_characters_of_the_token>

110_Authentication tokens.png

  • Authorized user: Users with these conditions will be able to view their authorized token list in the domain.

100_Authentication tokens.png

Create a new token

Click the Create token button at the top right of this area to generate a new token. Fill the fields in the window that appears:

30_ Authentication token.png

 

40_ Authentication tokens.png

The token will now appear in the table. Under the Token column, you can view its value. Click the expanded icon to see ir more clearly.

To copy the generated token or the owner name to your clipboard, click the dropdown menu in the table and select the copy option from the expanded row.

70_Authentication tokens.png

Manage tokens

All the tokens generated in the domain will appear in the table of this area. Users with API Credentials permission can manage the token details by clicking the ellipsis button that appears at the end of a token in the table to access the following actions:

40_Authentication tokens.png

Edit

Click to see the details of the token. Alternatively, you can click its name in the table.

In the Token info window that appears, you can change the name of the token, copy the token and its associated scope to your clipboard, and add tags to it.

30_Authentication tokens.png

 

Disable / Enable

Click the ellipsis button and select the “disable/enable” option. The color in the Status column of the table shows if the token is enabled (green) or disabled (red).

50_Authentication tokens.png

Delete

Click the ellipsis button and select the "delete" option. You can choose tokens individually or use the bulk checkbox to select multiple at once.

60_Authentication tokens.png

 

Filter tokens

You can use the options at the top of the table to filter the list of tokens as required according to different parameters:

  • Filter tokens by status. The available options are Disabled and Enabled.

  • Filter tokens by specific characteristics. Open the dropdown menu next to the search box to select the required parameter (Status, Name, Type, Authorized User, Scope, Token, Creation date and Expiration date) and enter the value to filter by in the search box.

  • Search tokens by name. Open the dropdown menu next to the search box and type the token name in the Name field.

  • Search by token last 5 digits. Open the dropdown menu next to the search box and type the last 5 digits of the token in the Token field.

Important considerations

  • Tokens assigned to a deleted user will be reassigned to the domain owner and remain enabled. We recommend disabling them if these credentials are known or accessible by an undesired person.

  • Tokens assigned to a disabled user will remain enabled and still assigned to that user.

  • Tokens can be created by Devo features. These tokens may be “Unnamed.”