How to create and invalidate API tokens.
Generating API Tokens

Head over to API Tokens section, and click on "+", give it a name, choose permission level and press Add.
Tokens can have one of 2 permission levels:
- Read - Allows you to perform reads against the API, but won't let you change anything.
- Write - Full access token. Allows reads and writes.
Optionally, you can set Allowed IPs when creating the token to restrict where it can be used from.
Editing an existing token (type and allowed IPs)
You can update a token’s scope and network restrictions at any time:
- In API Tokens, click pencil icon next to the token.
- Change the Type (Read/Write) and/or Allowed IPs (comma-separated IPv4/IPv6 or CIDR).
- Save your changes.
Using API tokens
Supply your API token in the Authorization
header as a Bearer token for all authenticated API calls.
Example (cURL)
curl https://api.controld.com/users \
--header 'authorization: Bearer YOUR_FANCY_TOKEN'
If successful, you’ll see your account details.
Invalidating API Tokens
Click the delete button next to the token name you wish to delete.
Using API Tokens
Supply your API token in the Authorization
header, as a Bearer token in all authenticated API calls.
curl https://api.controld.com/users --header 'authorization: Bearer YOUR_FANCY_TOKEN'
You should see your account details if you've done this correctly.