API Tokens

An API Access Token is required in order to authenticate the Calibre Command Line (CLI), Node.js API or GraphQL API.

API tokens carry many privileges, so be sure to keep them secret. Tokens can be managed by visiting the API Tokens page, which can be found under the team drop-down. Only admin users are able to view or manage API tokens.

Store a token locally

Calibre API tokens can be stored on your system by using the calibre token set command:

Your API token will be saved to ~/.config/configstore/calibre.json.

To remove the token from your system, use the calibre remove token command.

Store a token as an environment variable

The CALIBRE_API_TOKEN environment variable can be used to set the API Access Token for use with CLI, Node.js API or GraphQL APIs.

Expiring tokens

You can set the expiry on a token by selecting an option from the “Expires in” field. When a client makes a request with an expired token, it will be forbidden.

Refreshing tokens

The Refresh Token API allows you to refresh a token before it expires. A successful call to this endpoint will refresh the token for the same time that was set when the token was created. Update a token by making a POST request to https://calibreapp.com/api/refresh_token with the following headers:

  • Authorization: Token YOUR_API_TOKEN

Allowed IP Addresses

You can choose only to allow specific IP addresses to use an API token by adding an IP address or range to the “Allowed IP Addresses” field. Leave this field blank to allow requests from all IP addresses.

Related Articles