API tokens carry many privileges, so be sure to keep them secret. Tokens can be managed by visiting the API Tokens page, which can be found under the team drop-down. Only admin users are able to view or manage API tokens.
Calibre API tokens can be stored on your system by using the calibre token set command:
1calibre set token 6a897f87feece867f991816261619239471cee691917361
Your API token will be saved to ~/.config/configstore/calibre.json.
To remove the token from your system, use the calibre remove token command.
The CALIBRE_API_TOKEN environment variable can be used to set the API Access Token for use with CLI, Node.js API or GraphQL APIs.
1export CALIBRE_API_TOKEN=<token here>2calibre site list
1export CALIBRE_API_TOKEN=<token here>2node my-calibre-script.js
You can set the expiry on a token by selecting an option from the “Expires in” field. When a client makes a request with an expired token, it will be forbidden.
The Refresh Token API allows you to refresh a token before it expires. A successful call to this endpoint will refresh the token for the same time that was set when the token was created. Update a token by making a POST request to https://calibreapp.com/api/refresh_token with the following headers:
You can choose only to allow specific IP addresses to use an API token by adding an IP address or range to the “Allowed IP Addresses” field. Leave this field blank to allow requests from all IP addresses.