Get a Server API Token

Last updated
Save as PDF

Applies to:: All MindTouch Versions
Role required:: Admin

Generate Server API Tokens to integrate Expert with your server or backend application.

Navigate to the API Token Management dashboard

Navigate to Site tools > Dashboard > Integrations > API Token Management.
If you cannot find an API token Management link on the Integrations dashboard, contact your Customer Success Manager to enable the feature.

Generate a Server API token

<developer-token type="{type}" >
    <key>{key}</key>
    <name>{name}</name>
    <restricted-by-user-id>{user_id}</restricted-by-user-id>
</developer-token>

In the Add an API token section, select the Server radio button.
Enter a Name for the token that is easy to track and manage.
Click Generate API token.
Record the API token information and copy your API token secret to a safe location.

Do not close the "API Token created" window without copying and recording your secret. Your API Token key will not function without your secret, and your secret will no longer be accessible once the window is closed. Both the key and the secret are necessary for integrating with the Expert API, so do not lose them.

Restrict a Server token to a user

Server tokens can be restricted by using the API directly on POST:site/developer-tokens and PUT:site/developer-tokens/{id}.

Example POST request:


<developer-token type="{type}" >
    <key>{key}</key>
    <name>{name}</name>
    <restricted-by-user-id>{user_id}</restricted-by-user-id>
</developer-token>

Long-term JSON Web Tokens (OAuth bearer tokens)

For apps that need it, a long-term JWT (also called an OAuth bearer token) can be created at the same time as the server token key and secret. This allows authentication to be set by user, tenant, or group, which provides flexibility without compromising security.

Upon creation of a new server token, an OAuth bearer token is returned immediately. This is a one-time issuance and the token has a 10-year expiration.

You can see your server tokens in the Dashboard, but because the JWTs are not visible we advise you to name the server token to indicate that an OAuth bearer token is associated with it. If there is an issue with an OAuth bearer token, this indicates the server token should be removed and a new server token / long-term JWT should be obtained.

Example of created server token with JWT:


{"@id":"9","@type":"server","@date":"Wed, 19 Feb 2025 17:20:49 GMT","@href":"https://spencersso.mindtouch.es/@api/deki/site/developer-tokens/9","authorization":"Bearer eyJhbGciOiJIUzUxMiIsImtpZCI6IjkiLCJ0eXAiOiJKV1QifQ.eyJzdWIiOiJhMmFkNDU0YjYwMTI1MTI5NjQ0YjdkYjk0MTZiNWYzY2I3NzE3ZDUwMDAwYzM4OTVlZGI2OGRhZDU1ZTAwYzU3IiwiYXVkIjoiYXV0aC1zZXJ2aWNlLVNlcnZlciIsImV4cCI6IjIwNTU1MTg0NDkiLCJpc3MiOiJodHRwczovL3NwZW5jZXJzc28ubWluZHRvdWNoLmVzLyIsImlhdCI6IjE3Mzk5ODU2NDkiLCJuYmYiOiIxNzM5OTg1NjQ4In0.R7koEcEyFnzTdFQ9APHlaLp8FtVrKP9hQOqou3qiVsi0ClHRRWljtzLOPCrR48QcLQ9GivUh6wJ0sd5Cr7rj9Q","key":"a2ad454b60125129644b7db9416b5f3cb7717d50000c3895edb68dad55e00c57","name":"foo jwt","restricted-by-user-id":"1","secret":"18c19f9b2663d2aefe4170b8346aa3303365382bb09c5f235f5c72310ea8ff6d"}