Deactivating an API token

Deactivating an API token means disabling or revoking the token so that it can no longer be used to authenticate or access the API. When an API token is deactivated, it stops working, any API calls made with it will fail ( usually with a 401 Unauthorized error).

Common reasons to deactivate an API token:
  • Security concerns (e.g., it was leaked or compromised).
  • The user or application associated with it no longer needs access.
  • Token rotation or replacement (e.g., issuing a new token periodically).
  • Account deactivation or cleanup of unused tokens.

Steps

  1. To deactivate the External API token from the External API tile:
    1. Navigate to Admin > External API.

      The following page opens displaying existing OAuth tokens.



    2. Click the Deactivate icon.

      The Deactivate Token dialog opens.



    3. Click Deactivate to deactivate the API token.
  2. Once the API token is deactivated, the API token tile displayed the Delete icon replacing the Deactivate icon.

Next steps

You can reactivate the external API token by modifying the expiration date of a deactivated external API token.