Skip to main content
Version: v25.07.31

API Access Token

What is an API access token?

An access token is issued to grant access to 3rd party. Disabling ID requires an API token first, so an API token must be generated. It's called an API access token.

Why do we need an API token?

The API token is required to grant access to 3rd parties. When disabling one's device ID, an API token is required to create a compliance client profile for the first time. For that, an API token has to be generated. The API token is required for compliance with the client profile.

How to use an API token

The ID can be disabled using an API token and an API token for the ID needs to be generated. Following are the steps on how to generate an API token and how to use it.

Creating an API Access Token

  • Go to the Login page and navigate to Manage API.

  • Click on Add New API Token.

    Figure image 1: add new api token button

  • Fill in the following details:

    • Allowed API Endpoints: Specify the API endpoints that are permitted.
    • Blocked API Endpoints: List any API endpoints that should be blocked.
    • Allowed IP: Enter the IP addresses that are allowed to use this token.
    • Blocked IP: Enter the IP addresses that are blocked from using this token.

  • Click the Save button.

    Figure image:2 api token details

  • A message will appear on the screen confirming that the API token added successfully.

    Figure image:3 Api token sucessfully

Note: You can fill in any combination of the four fields (Allowed/Blocked API Endpoints and Allowed/Blocked IP) to save the token. For example, you can add only a blocked IP address and save, and that blocked IP will then be shown in the grid. If you fill in all four fields, they will all be displayed in the grid at the same time.

Checking API Token Expiry

An API token becomes invalid and expires if its expiration date has passed. To check the expiration date and update it:

  • In the token list, click the Edit button next to the token you want to check.

    Figure image:7 Api token expire

  • Scroll down to see the Expire Date.

  • You can change the date and then click the Save button to update the expiry date.

    Figure image:4 Api token expire

Editing an API Token

To update the details of any API Token, follow these steps:

  • Click on the Edit option in the 'Action' column on the right side of the row of the API Key to be edited.

    Figure image:5 Api edit token

  • Edit the API Key details as needed. The following details can be updated:

    • Organization Name: Change the current organization name (e.g., from Hiclouds to Apex Connect Ltd.).
    • Organization ID: Update the unique identifier for the organization.
    • API Key: Generate or change the security key used for API access.
    • Allowed API Endpoints: Select or modify the list of API services that this organization is permitted to access via a dropdown menu.
    • Blocked API Endpoints: Select or modify the list of API services that this organization is restricted from accessing via a dropdown menu.
    • Allowed IP: Update the list of permitted IP addresses for accessing the API.
    • Blocked IP : Update the list of restricted IP addresses that are denied API access.
    • Expire Date: Change the validity or expiration date for the organization's API access or configuration.

  • Click the Save button.

    Figure image:5 Api edit token

  • A confirmation message will appear on the screen stating that the API Key with id is updated successfully.

    Figure image:6 Api update token sucessfully

Deleting an API Token

To delete any API Token, follow these steps:

  • Click on the Delete option in the 'Action' column in the row of the API Token to be deleted.

    Figure image:8 Api delete token

  • By clicking on the Delete option, a confirmation message popup will open on the screen. This popup asks to confirm the deletion action again, which prevents accidental deletion.

    • The API Token has two options available:
      • Confirm Delete: If the API Token really wants to delete the information, click on the Yes button in the popup.
      • Cancel Delete: If not intended to delete or clicked by mistake, click on the No button to cancel the action and keep the information safe.

    Figure image:9 Api delete confirm message

  • A success message will be displayed on the screen, confirming that the API Token is Deleted.

    Figure image:10 Api deleted successfully

How to use API access token with compliance client

How to generate API token should be generated as shown in "how to new API token".

  • How to use API access token with compliance client

  1. Installing the compliance client application as explained in "How to install compliance client app in windows."

  2. The generated API has to be added inside the compliance client.

  3. When you go to the compliance client's profile and go to the setting as shown in "How to configure the profile", you will see something as shown in the image,

    how to config profile

  4. There you need an API token, name, language, and URL as explained in "How to configure the profile". Also, the newly generated API token will be added here.

  5. After that click on "save" button.

  6. There you will see a message on the screen as shown in the image that your profile is saved, click on "ok". use 1

Important Notes for Users

  • API Tokens are Security-Sensitive:- Handle API tokens carefully. Do not share them publicly or expose them in unsecured documents, code, or screenshots.
  • Access Control Depends on Token Rules:- The API token permissions depend on the Allowed / Blocked API Endpoints and IP settings. Make sure these are configured correctly before saving.
  • Token Expiry Must Be Monitored:- If the expiry date is reached, the API token will stop working. Update the expiry date in advance to avoid service interruption.
  • Use “Inactive / Delete” Carefully:- Deleting or disabling an API token immediately stops access for all linked integrations.
  • One Token Can Have Multiple Rules:- You may configure any combination of Allowed and Blocked Endpoints & IPs. The most restrictive rules will apply.
  • Only Authorized Users Should Manage Tokens:- API token creation, editing, or deletion should be performed by admins or users with assigned security permissions.
  • Log Out After Configuration:- For security best-practice, log out of the system after generating or modifying API tokens.
  • Regenerate Tokens if Compromised:- If you believe a token is leaked or misused, delete it immediately and create a new one.

FAQs

Q1: What details of an existing API token can be edited?

When editing an API token, the following details can be updated: Organization Name → Change the name of the organization (e.g., from Hiclouds to Apex Connect Ltd.). Organization ID → Update the unique identifier for the organization. API Key → Generate or change the security key used for API access. Allowed API Endpoints → Modify the list of API services permitted for access. Blocked API Endpoints → Modify the list of API services restricted from access. Allowed IP → Update the list of IP addresses permitted to use the token. Blocked IP → Update the list of IP addresses denied access. Expire Date → Change the validity or expiration date of the token. After saving, a confirmation message will appear stating that the API Key has been updated successfully.

Q2: How to use API token with Compliance Client?

To use an API token with the Compliance Client: 1. Generate an API token → Follow the steps in Creating an API Access Token. 2. Install the Compliance Client application → As explained in How to install compliance client app in Windows. 3. Configure the profile → Open the Compliance Client profile settings. Enter the required details: API token, name, language, and URL. Add the newly generated API token in the configuration. 4. Save the profile → Click the Save button. Confirmation → A message will appear confirming that the profile is saved successfully. Click OK to finalize. This ensures the Compliance Client can securely communicate using the generated API token.