🇬🇧 EN
🇮🇹 IT
User Guide / Settings / API Tokens

3.6 API Tokens

API Tokens are personal access tokens that allow third-party applications to authenticate with the Flusso API on your behalf. Each token is scoped to specific abilities and can optionally have an expiry date.

Creating a Token

  1. Open API Tokens settings Navigate to Settings → API Tokens in the sidebar.
  2. Enter a token name Choose a descriptive name that identifies the application or integration that will use this token (e.g. "Zapier Integration", "CI/CD Pipeline").
  3. Set an expiry date (optional) If you want the token to expire automatically, pick a date. Leave blank for a non-expiring token.
  4. Click "Create" The token is generated with the external-api ability, which grants access to the Flusso external API endpoints.

Token Security

Copy your token immediately. The full token value is displayed only once, right after creation. If you close the dialog or navigate away without copying it, the token cannot be retrieved — you will need to revoke it and create a new one.

Tokens are stored as hashed values in the database. Flusso never stores or displays the plain-text token after the initial creation screen. Treat your tokens like passwords — do not commit them to version control or share them in plain text.

Managing Tokens

All your active tokens are listed in a table with the following columns:

Column Description
Name The label you assigned when creating the token.
Last Used The date and time the token was last used to make an API request. Shows "Never" if the token has not been used yet.
Created The date the token was created.
Expires The expiry date, if one was set. Shows "Never" for non-expiring tokens.

Revoking a Token

To revoke a token, click the Delete (trash) icon next to it in the token table. A confirmation prompt will appear.

Revocation is irreversible. Once a token is revoked, any application using it will immediately lose access to the Flusso API. You cannot restore a revoked token — create a new one instead.
Tip: Regularly review your token list and revoke any tokens that are no longer in use. Check the "Last Used" column to identify stale tokens.
← WhatsApp Accounts ElevenLabs →