API Access Token
Table of Contents
- Account tokens vs User tokens
- Getting to the account access token page
- Generating an account access token
- Obtaining the generated access token
- Viewing the permissions of a scoped access token
- Removing an account access token
If you want to access the DNSimple API v2, you need an access token.
This article covers generating account tokens and user tokens. If you want to create an application that requires access to DNSimple, or let an external application request authorization to private details in a user’s DNSimple account without getting their password, you’ll need an OAuth Token instead.
Account tokens vs User tokens
API v2 offers 2 types of tokens: account tokens and user tokens.
The user token gives you access to any resource associated to any account the user has access to. An account token gives you access only to the resources connected to that account.
We recommend using account tokens unless your application needs multi-account access via single token.
Getting to the account access token page
To generate an account access token, log into your account and navigate to your account page.
Once you are there click on the link in the left menu.
This shows all of your account access tokens and allows you to add new access tokens, or remove existing access tokens.
You can see the last used date of an access token from the list of existing access tokens.
Generating an account access token
To generate an account access token with fine-grained permission scopes, i.e. a scoped access token, you must be subscribed to an eligible plan.
Click on the link to add a new access token.
When you create a new token, you need to give it a name you can remember. If you are subscribed to an eligible plan, you can choose the permission scopes the token should have. Otherwise, the token will have full permissions to all resources in the account, and you can click on to create the token after giving it a name.
Selecting permission scopes
Scoped access tokens can be restricted to access only certain resources, or certain groups of resources, in an account. The type of access, i.e. read-only or full access, can also be specified. For instance, you can create an account access token with permissions for managing all the certificates for a given domain name or across all domain names. You can also create account access tokens with read-only permissions for specific zones.
Certificates, domains, registrar, and zones are resource types that allow restriction of access to specific resources. For instance, when configuring the token for access to zones, you can specify whether it should have access to all zones in the account, or only selected zones, as well as whether the type of access should be read-only or full (i.e. read and write).
When you are finished with your selections, click on to create the token.
Obtaining the generated access token
After clicking on , the generated access token will be displayed on the screen.
Copy the text for the access token – it will only be shown once.
You can now access the API with this token using the HTTP header Authorization: Bearer {TOKEN}, replacing {TOKEN} with the value taken from the page when the token is generated. If you’d like additional information on how to access the API with the newly generated token, please visit the authentication section on the DNSimple Developer site.
Viewing the permissions of a scoped access token
Once an access token has been created, its permissions cannot be changed. However, you can still view the permissions it was created with.
To do so, click on the access token you want to view from the list of access tokens.
You can then see what resources the token has access to.
Removing an account access token
You can also remove a token at any time by using the button.
