Create and Manage API Tokens


API Tokens allow to safely and securely retrieve all of your Calibre performance monitoring information. They can be used as a method of authentication when using the CLI, Node.js API or the GraphQL API to export data or build automations.

A list of API tokens for a given organisation.

Types of API Tokens

There are two types of API Tokens in Calibre: Admin and Personal Access Tokens (PAT), which are available depending on the level of access to the organisation you are a member of:

Admin TokensPersonal Access Tokens (PAT)
Token permissionsAll available permissionsPermissions scoped to the level of access of your account
Who can create this token?Administrators onlyAnyone with a Calibre account
Who can edit this token?Administrators onlyAdministrators and token creators
Who can revoke this token?Administrators onlyAdministrators and token creators
Which Teams can be accessed with this token?All Teams in the OrganisationAll Teams you are a member of

Anyone with a Calibre account can create a Personal Access Token (PAT). Administrators and Users can select all permission options. Viewers can only select the Read Site option, as their account is read-only. Learn more about account types and levels of access to Calibre.

Create an API Token

To create a Personal Access Token, click your avatar in the upper right-hand-side corner and then click the Personal Access Tokens link.

Accessing the Personal Access Token page

To create an Admin Token, click Manage in the upper right-hand-side corner and then navigate to the API tab. You will be able to add a new token by clicking Create a new API Access Token or Create a new Personal Access Token buttons.

Creating an API Access Token with selected permissions

To add a token:

  • provide a name so that it can be easily identified
  • choose when it expires
  • add an IP address, if you’d like to limit incoming requests (optional, leave blank to allow requests from all IP addresses)
  • choose which Team’s Sites the token will have access to
  • select the range of permissions

Each token has access to a single Team and its Sites. The token permissions you can select depend on the type of your Calibre account. To save the token, click the Create token button at the bottom of the page.

Once you create the token, we will only display it once. Make sure to save it in a safe place, such as your password manager.

Edit an API Token

You can edit API Tokens at any time by clicking the Edit link next to the selected token in the Manage → API tab and on the Personal Access Token page.

Editing an API Access Token with selected permissions

Make the desired changes and click the Save button to confirm.

Refresh an API Token

To refresh an expired token, click the Edit button next to the corresponding token, and re-save it by clicking the Save button. It will be refreshed for the same amount of time as chosen in the Expires in field. You can also refresh tokens using the Refresh Token API.

Revoke an API Token

You can revoke API Tokens at any time by clicking the Revoke link next to the selected token in the Manage → API tab and on the Personal Access Token page. Before we revoke the token, we will ask you to confirm your choice. The token will then be removed from the list.

When you revoke a token, it’s access to Teams and Sites will be blocked immediately. If you have automations relying on specific tokens, make sure to replace them with valid API tokens before revoking the old ones.

Find an API Token

As an administrator, you can quickly find an API Token using the search field in the upper right corner of the API tab. You can query by:

  • name
  • created by

On both the API tab and the Personal Access Token page, you can sort the API Tokens table by clicking on the headings. For example, click on Expires at to see expired tokens.