Tokens are the core credential unit in Tooken. Each token carries a set of scopes that define exactly what the bearer can do, and an optional expiration date that automatically limits its lifetime. Create a token for every distinct service or integration — never share a single token across multiple consumers.
Follow a consistent naming convention that includes the service name and environment, for example backend-prod, ci-staging, or data-pipeline-dev. This makes it easy to identify tokens in the audit log and during rotation.
1. Log in to the Tooken dashboard

   Open app.tooken.io and sign in with your account credentials.

2. Navigate to Tokens

   In the left sidebar, click Tokens. You will see a list of all tokens in your workspace.

3. Open the new token form

   Click New Token in the top-right corner of the Tokens page.

4. Configure the token

   Fill in the token details:
     • Name — enter a descriptive name that identifies the service and environment.
     • Scopes — select one or more scopes from the list. Grant only the scopes your service actually needs.
     • Expiration date (optional) — set a date after which the token automatically becomes inactive. Leave blank for a non-expiring token.

5. Create and copy the token

   Click Create. The dashboard displays the token secret exactly once. Copy it immediately and store it in a secure location such as a secrets manager or encrypted environment variable. You cannot retrieve the secret again after closing this dialog.

Available scopes

Grant only the scopes your service needs. Overly permissive tokens increase the blast radius of a credential compromise.
| Scope | What it allows |
| --- | --- |
| tokens:read | List and retrieve token metadata |
| tokens:write | Create new tokens |
| tokens:revoke | Permanently revoke a token |
| tokens:rotate | Rotate the secret of an existing token |
| audit:read | Read audit log entries |
| webhooks:read | List and retrieve webhook configurations |
| webhooks:write | Create and update webhook configurations |
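
The naming, scope and expiration guidance above can be checked mechanically during a periodic token review. The following is an added example, not Tooken's own code or API: the record keys (name, scopes, expires), the environment suffixes in the name pattern and the sample inventory are assumptions made for illustration.

```python
import re
from datetime import date

# Scopes listed in the "Available scopes" table on this page.
KNOWN_SCOPES = {
    "tokens:read", "tokens:write", "tokens:revoke", "tokens:rotate",
    "audit:read", "webhooks:read", "webhooks:write",
}
# Assumed convention: <service>-<environment>, as in backend-prod or
# data-pipeline-dev. The environment list is an assumption; adjust as needed.
NAME_RE = re.compile(r"^[a-z0-9]+(?:-[a-z0-9]+)*-(prod|staging|dev)$")


def audit_token(token, needed_scopes, today):
    """Return a list of findings for one token record.

    token: dict with hypothetical keys "name", "scopes", "expires" (date or None).
    needed_scopes: the scopes the consuming service actually uses.
    """
    findings = []
    if not NAME_RE.match(token["name"]):
        findings.append("name does not follow <service>-<environment>")
    granted = set(token["scopes"])
    unknown = granted - KNOWN_SCOPES
    if unknown:
        findings.append("unknown scopes: " + ", ".join(sorted(unknown)))
    excess = (granted & KNOWN_SCOPES) - set(needed_scopes)
    if excess:
        findings.append("scopes granted but not needed: " + ", ".join(sorted(excess)))
    if token["expires"] is None:
        findings.append("no expiration date set")
    elif token["expires"] < today:
        findings.append("expiration date has passed")
    return findings


# Constructed sample inventory, not real Tooken output.
TODAY = date(2025, 1, 15)
INVENTORY = [
    ({"name": "backend-prod", "scopes": ["tokens:read"],
      "expires": date(2025, 6, 30)}, ["tokens:read"]),
    ({"name": "shared token", "scopes": ["tokens:read", "tokens:revoke", "audit:read"],
      "expires": None}, ["audit:read"]),
]

if __name__ == "__main__":
    for token, needed in INVENTORY:
        for finding in audit_token(token, needed, TODAY):
            print(f"{token['name']}: {finding}")
```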

Next steps

Revoke a token

Immediately invalidate a token that is no longer needed or may be compromised.

Rotate token secrets

Issue a new secret for an existing token without changing its ID or scopes.