Premium eshops have a screen in the administration for managing your tokens (a kind of password) for the Private API. You can find it in the “Connections” » “Private API” section.
The screen lists the tokens that have been generated, if there are any. The token itself is a string 38-60 characters long, made up of alphanumeric characters and the dash (-). Each token has a description, so you can easily identify tokens by purpose. For security reasons, we recommend using a separate token for each service connected to your eshop. You can generate up to 10 tokens. There is no validity limit for the tokens.
To add a new token, click the “Add” button. You will be asked to enter a description. Once submitted, the new token will be displayed in the list of tokens. For security reasons, only the first two and last two characters are displayed. To see the complete token, click on it. You will be prompted to repeat your password and then your token will be displayed. Be careful not to compromise it – all data from your eshop can be read using the token.
If you no longer need a token, remove it promptly so it cannot be misused. Locate the token, move your mouse to the “Action” column and press the red cross to delete it.
If there is a risk that any of your tokens has leaked, delete it in the administration and generate a new one.
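One way to check log files or configuration for a token that may have leaked, as an added example (not code from this documentation or from the eshop platform): it looks for strings with the token shape described above and reports them masked to the first two and last two characters, the same way the token list displays them. The sample token, the log lines and the letter-plus-digit filter are assumptions made for the example.

```python
import re

# Token shape from the text above: letters, digits and dashes, 38-60 characters.
# The lookarounds reject a match cut out of a longer run of the same characters.
TOKEN_RE = re.compile(r"(?<![A-Za-z0-9-])[A-Za-z0-9-]{38,60}(?![A-Za-z0-9-])")


def mask(token):
    """Keep the first two and last two characters, as the token list does."""
    return token[:2] + "*" * (len(token) - 4) + token[-2:]


def plausible(candidate):
    # Heuristic (assumption, not a documented rule): require a letter and a
    # digit so separator lines and long plain words are not reported.
    return bool(re.search(r"[A-Za-z]", candidate) and re.search(r"[0-9]", candidate))


def find_candidates(text):
    """Return (line_number, masked_value) for each token-shaped string."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            if plausible(match.group(0)):
                hits.append((lineno, mask(match.group(0))))
    return hits


def redact(text):
    """Return text with every plausible token replaced by its masked form."""
    return TOKEN_RE.sub(
        lambda m: mask(m.group(0)) if plausible(m.group(0)) else m.group(0), text
    )


# Constructed sample data: the token and the log lines are made up.
SAMPLE_TOKEN = "000000-a-" + "EXAMPLEexample" * 2 + "0123456789"  # 47 characters
SAMPLE_LOG = "\n".join([
    "2024-01-01 12:00:00 INFO sync started",
    "2024-01-01 12:00:01 DEBUG outgoing request token=" + SAMPLE_TOKEN,
    "-" * 50,  # separator: token-length, but filtered by plausible()
    "order-export-job finished",
])

if __name__ == "__main__":
    for lineno, masked in find_candidates(SAMPLE_LOG):
        print(f"line {lineno}: possible Private API token {masked}")
    print(redact(SAMPLE_LOG))
```

Hits are candidates to review, not confirmed tokens: other identifiers of the same shape, such as 40-character hexadecimal commit hashes, match as well.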
Private API tokens use endpoint group rights to control access to the API. Each token is assigned one or more endpoint groups, and each group grants read, write, or read+write access to the endpoints it contains.
When you create a new token, all available endpoint groups are assigned automatically — the token can access all API endpoints out of the box.
You can restrict a token’s access at any time by removing individual endpoint groups in the administration under Connections » Private API. Select the token and manage its endpoint groups in the detail view.