API tokens are required to use Loop APIs for security and authentication purposes. Tokens can be accessed and created by users who have the

Before You Start

Handle API tokens with care: API tokens are sensitive credentials. Only share them with trusted partners to avoid potential data and privacy breaches. If you suspect that your token has been compromised or lost, immediately delete the token and contact the Loop team for further assistance.
Review token scopes carefully: Be mindful of the scopes assigned to each token. Assign only the necessary scopes required for the integration or use case to minimize access and reduce security risks.
Create specific tokens for third-party integrations: When building an integration with a third party, we recommend generating a new API token with a name specific to that integration. This will help you track the calls made by the integration and ensure that only the required scopes are assigned.
Keep token usage secure: Store your tokens in a secure environment, such as environment variables or a secure vault, to prevent unauthorized access. Avoid hardcoding tokens in source code repositories.
Audit token usage regularly: Regularly review the tokens you’ve created and ensure they are being used as intended. Revoke tokens that are no longer in use or that no longer meet security or functional requirements.This helps mitigate security risks by reducing the potential attack surface.

Create API tokens

Open the Loop app and navigate to Settings in the bottom left corner.
Under the Admin category, click on API Tokens. This will display the list of existing tokens.
To generate a new token, click on Generate New Token.
Provide a name for the token, select the appropriate token scope, and click Generate Token.
The new token will be generated and displayed immediately on the page.
To view the token, click Show Token. It’s important to keep the token confidential and avoid sharing it with unauthorized users to prevent potential data breaches.
If you need to modify the token scope, click Edit and make the required changes.
If a token is accidentally shared, click Remove Token to revoke it.

You have the ability to create multiple API tokens for different purposes, each with different permissions based on the scopes you assign. These tokens can be viewed and managed in the Manage API tokens section.

Treat these tokens as sensitive as passwords and keep them confidential. They should be securely stored on the server side, not exposed to the public. If an unauthorized person obtains your token, they can perform any actions on your subscriptions that are allowed by the token's assigned scopes.

Replacing or Rotating API Tokens

If you need to replace or rotate your API token, follow these steps:

Generate a new token.
Remove the old token.
Update your applications and scripts to use the new token.