Create and Manage API Tokens


API Tokens allow to safely and securely retrieve all of your Calibre performance monitoring information. They can be used as a method of authentication when using the CLI, Node.js API or the GraphQL API to export data or build automations.

A list of API tokens for a given organisation.

Types of API Tokens

There are two types of API Tokens in Calibre: Admin and Personal Access Tokens (PAT), which are available depending on the level of access to the organisation you are a member of:

Admin TokensPersonal Access Tokens (PAT)
Token permissionsAll available permissionsPermissions scoped to the level of access of your account
Who can create this token?Administrators onlyAnyone with a Calibre account
Who can edit this token?Administrators onlyAdministrators and token creators
Who can revoke this token?Administrators onlyAdministrators and token creators

Anyone with a Calibre account can create a Personal Access Token (PAT). Administrators and Users can select all permission options. Learn more about account types and levels of access to Calibre.

Create an API Token

To create a Personal Access Token, click your avatar in the upper right-hand-side corner and then click the Personal Access Tokens link. You will be able to add a new token by clicking the Create a new Personal Access Token button.

Accessing the Personal Access Token page

To create an Admin Token, navigate to the API tab. Add a new token by clicking Create a new API Access Token button.

Creating an API Access Token with selected permissions

To add a token:

  • provide a name so that it can be easily identified
  • choose when it expires
  • add an IP address, if you’d like to limit incoming requests (optional, leave blank to allow requests from all IP addresses)
  • select the range of permissions

Each token has access to all Sites within the organisation. The token permissions you can select depend on the type of your Calibre account. To save the token, click the Create token button at the bottom of the page.

Once you create the token, we will only display it once. Make sure to save it in a safe place, such as your password manager.

Edit an API Token

You can edit API Tokens at any time by clicking the Edit link next to the selected token in the API tab and on the Personal Access Token page.

Editing an API Access Token with selected permissions

Make the desired changes and click the Save button to confirm.

Refresh an API Token

To refresh an expired token, click the Edit button next to the corresponding token, and re-save it by clicking the Save button. It will be refreshed for the same amount of time as chosen in the Expires in field. You can also refresh tokens using the Refresh Token API.

Revoke an API Token

You can revoke API Tokens at any time by clicking the Revoke link next to the selected token in the API tab and on the Personal Access Token page. Before we revoke the token, we will ask you to confirm your choice. The token will then be removed from the list.

When you revoke a token, its access to Sites will be blocked immediately. If you have automations relying on specific tokens, make sure to replace them with valid API tokens before revoking the old ones.

Find an API Token

As an administrator, you can quickly find an API Token using the search field in the upper right corner of the API tab. You can query by:

  • name
  • created by

On both the API tab and the Personal Access Token page, you can sort the API Tokens table by clicking on the headings. For example, click on Expires at to see expired tokens.