Create API Token

API tokens authenticate your SDK requests to the Stringboot API.
1. Navigate to API Tokens
   Go to API Tokens page (/tokens) from the sidebar
2. Select Application
   Choose an application from the dropdown
3. Click New Token
   Click the New Token button
4. Configure Token
   Fill in the form:
     • Token Name (required, max 50 characters) - Descriptive name
     • Token Type - Select one:
       • Standard - Server-to-server API access
       • Plugin - Browser extensions/plugins (auto-bypass CORS)
     • Expiry Date (optional) - Set expiration for security
5. Create
   Click Create API Token to generate
6. Copy Token
   IMPORTANT: Copy the token from the dialog immediately. The token is only shown once and cannot be retrieved later.
7. Done
   Click Done to close the dialog

Security Critical: The token is displayed only once. Store it securely immediately after creation.

Token Types

Choose the right token type for your use case:
  • Standard Token
  • Plugin Token
Use for:
  • Mobile apps (iOS/Android)
  • Desktop applications

View Tokens

The API Tokens page displays all your tokens with key information:

Filter Tokens

1. Navigate to Tokens
   Go to API Tokens page
2. Select Filter
   Choose from dropdown:
     • All Applications - Show all tokens
     • Specific App - Filter by application

Token Information

| Column | Description |
|---|---|
| Name | Token name you specified |
| Token | Masked token value (click to copy) |
| Application | Associated app name |
| Type | Standard or Plugin |
| Status | Active or Revoked |
| Created | Creation date |
| Expiry | Expiration date (if set) |
| Actions | Copy, Revoke, Delete options |

Copy Token

Retrieve a token value to use in your application:
1. Find Token
   Locate the token in the table
2. Click Copy
   Click the Copy icon (clipboard)
3. Confirmation
   Token copied to clipboard - paste in your SDK configuration

Revoke Token

Disable a token without deleting it:
1. Navigate to Tokens
   Go to API Tokens page
2. Find Token
   Locate the token you want to revoke
3. Click Revoke
   Click the Revoke icon (circular arrow)
4. Confirm
   Confirm revocation in the dialog

Revoked tokens cannot be reactivated. Create a new token if needed.

Delete Token

Permanently remove a token:
1. Find Token
   Navigate to API Tokens and find the token
2. Click Delete
   Click the Delete icon (trash)
3. Confirm
   Confirm deletion in the dialog

Revoke All Tokens

Quickly revoke all tokens for a specific application:
1. Select Application
   Choose a specific application from the dropdown (not “All Applications”)
2. Click Revoke All
   Click the Revoke All button at the top
3. Confirm
   Confirm the action in the dialog

This revokes all active tokens for the selected application. This action cannot be undone.

Token Security Best Practices

Descriptive Names

Use names that indicate:
  • Environment (Production, Staging, Dev)
  • Purpose (iOS App, Web Dashboard)
  • Date created (iOS Prod - Jan 2024)

Set Expiry Dates

  • Use expiry for enhanced security
  • Rotate tokens periodically
  • Set shorter expiry for high-risk environments

Revoke Unused Tokens

  • Revoke tokens immediately when no longer needed
  • Clean up old tokens regularly
  • Review token list monthly

Store Securely

  • Use environment variables
  • Never commit to version control
  • Use secret management tools
  • Encrypt in databases

Monitor Usage

  • Track which tokens are in use
  • Monitor for unexpected activity
  • Rotate after security incidents

Token Storage Examples

  • Environment Variables
  • Android (BuildConfig)
  • iOS (Info.plist)

.env

STRINGBOOT_API_TOKEN=std_1a2b3c4d5e6f7g8h9i...
STRINGBOOT_BASE_URL=https://api.stringboot.com

await StringBoot.initialize({
  apiToken: process.env.STRINGBOOT_API_TOKEN,
  baseUrl: process.env.STRINGBOOT_BASE_URL
});
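
A startup check for the token read from the environment, added here as an example and not part of the Stringboot SDK. The helper names are hypothetical; the checks cover the copy/paste and Bearer-prefix mistakes listed under Troubleshooting, and the masked form keeps the full token out of logs.

```javascript
// Added example. checkToken, loadApiToken, maskToken and authHeaders are
// hypothetical helper names, not Stringboot SDK functions.

// Return the problems found in a raw token string (empty array = usable).
// Messages never contain the token itself, so they are safe to log.
function checkToken(raw) {
  if (typeof raw !== 'string' || raw.length === 0) {
    return ['STRINGBOOT_API_TOKEN is not set'];
  }
  const problems = [];
  if (/\s/.test(raw)) {
    problems.push('token contains whitespace (copy/paste damage)');
  }
  if (/^["']|["']$/.test(raw)) {
    problems.push('token is wrapped in quote characters');
  }
  if (/^bearer\b/i.test(raw)) {
    problems.push('store the bare token; "Bearer " is added per request');
  }
  if (raw === 'YOUR_TOKEN' || raw.endsWith('...')) {
    problems.push('token is a documentation placeholder');
  }
  return problems;
}

// Read the token from the environment and fail fast at startup.
function loadApiToken(env = process.env) {
  const problems = checkToken(env.STRINGBOOT_API_TOKEN);
  if (problems.length > 0) {
    throw new Error('Invalid Stringboot token: ' + problems.join('; '));
  }
  return env.STRINGBOOT_API_TOKEN;
}

// Log-safe form: keep the type prefix and the last 4 characters only.
function maskToken(token) {
  if (token.length < 16) return '****';
  const cut = Math.min(token.indexOf('_') + 1, 8); // 0 when no prefix
  return token.slice(0, cut) + '****' + token.slice(-4);
}

// Same header shape as the page's cURL test.
function authHeaders(token) {
  return { Authorization: `Bearer ${token}` };
}

// Constructed sample value, not a real token.
const sample = 'std_EXAMPLE0000000000000abcd';
console.log(maskToken(loadApiToken({ STRINGBOOT_API_TOKEN: sample })));
```

Call loadApiToken() once at startup and pass its return value as apiToken, so a damaged value stops the process before any request is sent.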

Troubleshooting

Check:
  • Token is active (not revoked)
  • Expiry date hasn’t passed
  • Using correct application ID in requests
  • Token type matches use case (Standard vs Plugin)
  • Token copied correctly (no extra spaces)
Test with cURL:
curl -H "Authorization: Bearer YOUR_TOKEN" \
     "https://api.stringboot.com/api/strings/meta?appId=YOUR_APP_ID"

Common causes:
  • Token revoked or expired
  • Incorrect token format
  • Missing Bearer prefix
  • Wrong application ID
Solution: Generate a new token and verify configuration

If getting CORS errors:
  • Use Plugin token type for browser-based apps
  • Or configure CORS on your backend
  • Standard tokens don’t bypass CORS
For production web apps: Use Plugin token or proxy through your backend

If you didn’t copy the token:
  • Token cannot be retrieved again
  • Revoke the lost token
  • Create a new token
  • Copy immediately this time
Prevention: Always copy tokens to secure storage immediately

Quick Actions from Dashboard

From the main dashboard, quickly create tokens:

Dashboard Shortcut

Click Generate API Token on the dashboard

Tokens Page

Use New Token button on /tokens page
