Managing API tokens
API tokens are used to authenticate requests to the Certorix REST API and MCP server.
Where to find your API token
- Go to MCP / API in the left sidebar.
- Your current API token is shown in the Authentication section.
- Click the Copy button to copy it to your clipboard.
Regenerating your API token
If your token is compromised or you want to rotate it for security:
- Go to MCP / API → Authentication section.
- Click Regenerate token.
- Confirm the action in the dialog.
- Important: The old token stops working immediately. Update any scripts, MCP server configs, or integrations with the new token.
Token permissions
Your API token inherits your user's permissions:
- Admin tokens – Full access to all endpoints.
- Editor tokens – Can create/edit/publish but cannot delete or manage billing/team.
- Viewer tokens – Read‑only access.
Token security best practices
- Never commit tokens to version control (Git).
- Use environment variables or secrets managers (e.g., GitHub Secrets, .env files).
- Rotate tokens regularly (every 90 days recommended).
- If a token is exposed, regenerate it immediately.
- Do not include tokens in client‑side code (browser JavaScript).
Token expiration
API tokens do not expire automatically. Only regeneration or account deletion invalidates them.
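Because tokens never expire on their own, rotation and leak checks have to be enforced on the client side. The following is an added example, not Certorix code: a pre-commit-style check that scans files for the literal token value and flags a token older than the recommended 90 days. The environment variable names CERTORIX_API_TOKEN and CERTORIX_TOKEN_ROTATED are assumptions chosen for this sketch.

```python
import os
import sys
from datetime import date
from pathlib import Path

TOKEN_ENV = "CERTORIX_API_TOKEN"        # assumed variable name, not from the docs
ROTATED_ENV = "CERTORIX_TOKEN_ROTATED"  # assumed: ISO date of the last regeneration
MAX_AGE_DAYS = 90                       # rotation interval recommended in this article


def find_token_leaks(paths, token):
    """Return (path, line_number) for every line that contains the literal token."""
    if not token:
        return []  # an empty needle would match every line
    hits = []
    for path in paths:
        try:
            text = Path(path).read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue  # unreadable or deleted file: nothing to scan
        for number, line in enumerate(text.splitlines(), start=1):
            if token in line:
                hits.append((str(path), number))
    return hits


def rotation_overdue(rotated_on, today, max_age_days=MAX_AGE_DAYS):
    """True when the token is older than the rotation interval."""
    return (today - rotated_on).days > max_age_days


def main(argv):
    token = os.environ.get(TOKEN_ENV, "")
    if not token:
        print(f"{TOKEN_ENV} is not set; nothing to check", file=sys.stderr)
        return 2
    status = 0
    for path, number in find_token_leaks(argv[1:], token):
        # Report the location only; never echo the token itself into logs.
        print(f"token found in {path}:{number}", file=sys.stderr)
        status = 1
    rotated = os.environ.get(ROTATED_ENV)
    if rotated and rotation_overdue(date.fromisoformat(rotated), date.today()):
        print(f"token is older than {MAX_AGE_DAYS} days; regenerate it", file=sys.stderr)
        status = 1
    return status


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it from a Git pre-commit hook with the staged file paths as arguments; a non-zero exit status blocks the commit.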