An "API token" is required to authorize the API request if you want to connect an external system to the Lexeri API. API tokens work in a similar way to login details for external systems.
Creating an API token
To create an API token, go to the termbase settings and switch to the "API" tab. Here you will find the "Create API token" button:
After clicking on the button, a dialog for creating an API token opens. Here you can give the token a name and select a duration for the token. After this period, the token expires automatically and the external system that uses the API token will then be unable to access the Lexeri API with this token.
You can also select whether the API token should give the external system write access to the termbase. This is only necessary if the system must be able to make changes to the terminology like a terminology manager.
Once you have created the token, the new token is displayed in the form of a long sequence of letters. Click on the "Copy" button to copy the token to your clipboard.
The token is not displayed again after you close the window, so be sure to copy it first.
Deleting an API token
Users assigned the "Administrator" role can delete current API tokens at any time in the "API" tab of their termbase settings.
To do so, click on the trash can icon in the API token that you want to delete:
External systems that use the deleted API token will then no longer have access to the Lexeri API.
Best practices for the secure handling of API tokens
API tokens enable external systems to access your termbase. API tokens should therefore be treated like login details and handled with care. Here are some of our recommendations for API tokens:
- Create a separate API token for each external system so that you can block them individually if necessary
- Never save API tokens in source code or in publicly accessible files
- Restrict token access to authorized persons and systems
- Renew API tokens at regular intervals (recommended: every 3-6 months)
- Disable any compromised tokens without delay
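One way to check these recommendations regularly is to keep a small register of issued tokens and audit it. The following is an added example, not part of Lexeri or its API: the register format, the `TokenRecord` fields and the sample entries are assumptions, and the 3-6 month window is approximated as 90-180 days.

```python
from dataclasses import dataclass
from datetime import date

# Renewal window from the recommendations above (3-6 months), approximated in days.
RENEW_FROM_DAYS = 90
RENEW_BY_DAYS = 180


@dataclass
class TokenRecord:  # hypothetical register entry kept by the administrator
    name: str           # name entered in the token creation dialog
    systems: tuple      # external systems that hold this token
    created: date       # creation date, noted when the token was issued
    write_access: bool  # write access was granted at creation
    needs_write: bool   # the system really has to change terminology


def audit(records, today):
    """Return sorted (token name, finding) pairs for tokens that break a recommendation."""
    findings = []
    for r in records:
        age = (today - r.created).days
        if len(r.systems) > 1:
            # A shared token cannot be blocked for one system only.
            findings.append((r.name, "shared by %d systems" % len(r.systems)))
        if r.write_access and not r.needs_write:
            findings.append((r.name, "write access not required"))
        if age > RENEW_BY_DAYS:
            findings.append((r.name, "renewal overdue (%d days old)" % age))
        elif age >= RENEW_FROM_DAYS:
            findings.append((r.name, "renewal due (%d days old)" % age))
    return sorted(findings)


# Constructed sample register; names, systems and dates are invented.
SAMPLE = [
    TokenRecord("cms-sync", ("cms",), date(2024, 1, 10), False, False),
    TokenRecord("cat-tool", ("cat-tool", "build-server"), date(2024, 5, 2), True, True),
    TokenRecord("reporting", ("bi-dashboard",), date(2024, 3, 1), True, False),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE, date(2024, 7, 1)):
        print(f"{name}: {finding}")
```

The register holds only token names and metadata, never the token values themselves.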