What are API Tokens?
API tokens are secure authentication keys that allow external applications and scripts to interact with your QuickBot account programmatically. They provide:- Secure Access: Authentication without exposing your password
- Granular Control: Each token can be managed independently
- Easy Revocation: Tokens can be deleted instantly if compromised
- Activity Tracking: Monitor when and how your tokens are used
Creating API Tokens
Generate a New Token
To create a new API token:- Go to your Account settings
- Navigate to the API Tokens section
- Click the Create Token button
- Enter a descriptive name for your token
- Click Generate Token
Important: The token value will only be displayed once immediately after creation. Copy and
save it securely - you won’t be able to view it again.
Token Naming Best Practices
Use descriptive names that help you identify the token’s purpose:- ✅
Production Website Integration - ✅
Development Testing - ✅
Mobile App Backend - ❌
Token 1 - ❌
API Key
Managing Your Tokens
Viewing Active Tokens
The API Tokens page shows all your active tokens with:- Token Name: The descriptive name you assigned
- Created Date: When the token was generated
- Last Used: When the token was last used (if available)
Token Security
- Keep tokens secure: Treat API tokens like passwords
- Use environment variables: Don’t hardcode tokens in your source code
- Limit token scope: Create separate tokens for different applications
- Regular rotation: Consider recreating tokens periodically for enhanced security
Revoking Tokens
To delete an API token:- Find the token in your API Tokens list
- Click the Delete button next to the token
- Confirm the deletion
Once a token is deleted, all applications using that token will immediately lose access. Make sure
to update your applications with new tokens before deleting old ones.
Using API Tokens
Authentication Header
Include your API token in the Authorization header of your HTTP requests:API Documentation
For complete API documentation including all available endpoints and parameters, visit the API Reference section.Troubleshooting
Token Not Working
If your API token isn’t working:- Verify the token: Ensure you copied the complete token string
- Check the header format: Use
Authorization: Bearer <token> - Confirm token status: Make sure the token hasn’t been deleted
- Review rate limits: You may have exceeded your hourly request limit
Security Concerns
If you suspect a token has been compromised:- Delete immediately: Remove the token from your account
- Generate new token: Create a replacement with a new name
- Update applications: Replace the old token in all your code
- Review usage: Check recent API activity for suspicious requests
Best Practices
Development vs Production
- Use separate tokens for development and production environments
- Never commit tokens to version control systems
- Use environment variables or secure configuration management
- Regularly audit and rotate tokens in production
Create tokens with specific, descriptive names and delete them as soon as they’re no longer
needed. This minimizes security risks and keeps your token list clean and manageable.