Create and manage API tokens
Issue personal access tokens for scripted access to the HOWLOPS REST API.
API tokens let scripts, CI pipelines, and external tools authenticate against the HOWLOPS REST API without using your password.
Create a token
- Go to Settings > API tokens.
- Click New token.
- Enter a descriptive name (for example:
ci-pipelineormonitoring-script). - Select the expiry duration: 30 days, 90 days, 1 year, or no expiry.
- Click Generate.
Copy the token now. It is shown only once. If you lose it, revoke it and create a new one.
The token starts with xinex_ followed by a 64-character hex string.
Use a token
Pass the token as a Bearer token in the Authorization header:
curl -X GET https://api.example.com/api/v1/monitors \
-H "Authorization: Bearer xinex_abc123..."
All API endpoints that require authentication accept this token. See the REST API reference for a full endpoint listing.
Revoke a token
- Go to Settings > API tokens.
- Find the token row.
- Click the action menu (...) > Revoke.
The token becomes invalid immediately. There is no recovery — create a new token if needed.
List and audit tokens
The API tokens list shows every active token along with:
- Name
- Created date
- Expiry date (or "Never")
- Last used date (updated approximately every 15 minutes)
If a token has not been used in a long time, consider revoking it to reduce attack surface.
Token scope
API tokens have the same permissions as the user who created them. They do not support per-scope restrictions in the current version. If you need read-only access from a script, use a team member account with the Viewer role and generate a token from that account.
See also
Was this page helpful?