API tokens

API tokens allow you to test the Front Core API or implement integrations or scripts that make programmatic updates to Front via the API. Once you have an API token, you can use it to authenticate Core API requests.

API tokens apply at a company level rather than being tied to a specific user, so anyone at your company with admin privileges will see the token you create.

📘

You must be an admin to create or manage API tokens.

OAuth access versus API tokens

Front requires that partners implement OAuth instead of API tokens when building Core API integrations that make updates on behalf of a Front customer or their account, unless you obtain an exception from us. OAuth makes it easier for users to enable and use your integration by allowing users to simply authorize the app with an existing account. To learn more about this topic, refer to Authentication.

To learn how to configure OAuth, refer to the Create, manage, and publish apps topic.

Create an API token

  1. Go to Settings > Developers.
  2. Go to the API Tokens tab.
  3. Click Create API token.
  4. Specify an API token name.

👍

Use an extremely descriptive name

Once you create a token and implement it, you may forget about it. Using a very detailed and specific token name will help you identify where the token is being used after it is created.

  1. Specify a token Scope. The token's scope determines what permissions the token has to carry out operations via the Core API. Refer to the Token scopes section to learn about token scopes.
  2. Click Create.

Token scopes

Token scopes determine what resources the token scope has access to edit. The following table explains the available scopes.

📘

All tokens have access to global resources

Global resources are available to all API tokens and include features like global tags and global rules.

ScopeDescription
Private resourcesAccess to private resources of individual team members, such as conversations, messages, inboxes, rules, and tags for an individual.

Note: For an API token with this scope to manage private resources, an individual team member must also allow API access to their private resources within their preferences. Alternatively, an admin can enable the setting across all teammates.
Shared resourcesAccess to team resources across all teams in your company.
TeamAccess to the resources of a particular team in your company.
Knowledge BaseAccess to knowledge base resources.
Auto-provisioningAccess to Front's SCIM server, which is used to sync user accounts between Front and external systems. Available only on the Scale plan.
ProvisioningAccess to manage which teams, inboxes, and shifts a teammate is part of.

View API token details

After creating an API token, you can view its details to obtain the token value and other useful information, such as who created the token and when.

  1. Go to Settings > Developers.
  2. Go to the API Tokens tab.
  3. Click an API token to open its details page.
  4. Click Reveal or Copy to obtain the API token value. Use this value to authenticate Core API requests.
  5. Note other useful fields about the token, such as who created it and what scope it has, to learn more about how the token is used.

Delete an API token.

You can delete any API token by completing the following steps. Note that deleting a token will immediately prevent any applications using the token from making requests to the Core API, so ensure the token is no longer needed because this operation cannot be undone.

  1. Go to Settings > Developers.
  2. Go to the API Tokens tab.
  3. Click an API token to open its details page.
  4. Click Delete.