Workspace API tokens are meant to be used for programmatic management, such as archiving inactive Reports or deleting schedules for stale Reports across your Workspace. These tokens mimic Admin access to the Workspace and only Admins will be able to create and manage them.

To generate a new API token, you must be on a paid plan and an Admin of your Workspace. Navigate to Workspace Settings > Privacy & Security > API. Click the “gear” icon and select “Create new API token.” You will be prompted to add a display name and save the token. Ensure you save the credentials securely.

The credentials are comprised of two parts:

1. Token: The public component of the credential. Often referred to as the username or access key during authentication.
2. Secret: The private component of the credential. Often referred to as the password or access secret during authentication. This is only shown once when creating the token and must be saved somewhere secure before closing the modal.

Workspace API tokens are set to expire after 90 days by default. The expiration can be updated by clicking the “gear” icon and selecting “Token expiration settings.” To revoke all tokens, select “Revoke all tokens…” and confirm the action.

Admins will be able to see the following for all active, revoked and expired API tokens already generated:

• Who the token was created by
• When the token was last used
• When the token is set to expire

Limitations:

• Workspace API tokens cannot be used with the Clone endpoint for Report Runs or for creating new invites
• Granular permissions are not currently supported with the Workspace API tokens; they allow admin access to the Workspace for now.