API Tokens

API Tokens allow to safely and securely retrieve all of your Calibre performance monitoring information. They can be used as a method of authentication when using the CLI, Node.js API or the GraphQL API to export data or build automations.

You can manage your API Tokens through the CLI and APIs (as described below) or within the Calibre interface.

There are two types of API Tokens in Calibre: Admin and Personal Access Tokens (PAT), which are available depending on the level of access to the organisation you are a member of, your team membership and type of account. Find out more about the types of API tokens and permission levels.

API tokens carry many privileges: they can be used to access your account without a password and obtaining monitoring data. Make sure to save your tokens in a safe place, such as your password manager.
Creating an API Access Token with selected permissions

Store a token locally

Calibre API tokens can be stored on your system by using the calibre token set command:

1calibre token set 6a897f87feece867f991816261619239471cee691917361

Your API token will be saved to ~/.config/configstore/calibre.json.

To remove the token from your system, use the calibre remove token command.

Store a token as an environment variable

The CALIBRE_API_TOKEN environment variable can be used to set the API Access Token for use with CLI, Node.js API or GraphQL APIs.

1export CALIBRE_API_TOKEN=<token here>
2calibre site list
1export CALIBRE_API_TOKEN=<token here>
2node my-calibre-script.js

Expiring tokens

You can set the expiry on a token by selecting an option from the “Expires in” field. When a client makes a request with an expired token, it will be forbidden.

Refreshing tokens

The Refresh Token API allows you to refresh a token before it expires. A successful call to this endpoint will refresh the token for the same time that was set when the token was created. Update a token by making a POST request to https://calibreapp.com/api/refresh_token with the following headers:

  • Authorization: Token YOUR_API_TOKEN

Allowed IP Addresses

You can choose only to allow specific IP addresses to use an API token by adding an IP address or range to the “Allowed IP Addresses” field. Leave this field blank to allow requests from all IP addresses.