API tokens
API tokens allow you to test the Front Core API or implement integrations or scripts that make programmatic updates to Front via the API. Once you have an API token, you can use it to authenticate Core API requests.
API tokens apply at a company level rather than being tied to a specific user, so anyone at your company with admin privileges will see the token you create.
You must be an admin to create or manage API tokens.
OAuth access versus API tokens
Front requires that partners implement OAuth instead of API tokens when building Core API integrations that make updates on behalf of a Front customer or their account, unless you obtain an exception from us. OAuth makes it easier for users to enable and use your integration by allowing users to simply authorize the app with an existing account. To learn more about this topic, refer to Authentication.
To learn how to configure OAuth, refer to the Create, manage, and publish apps topic.
Create an API token
- Go to Settings > Developers.
- Go to the API Tokens tab.
- Click Create API token.
- Specify an API token name.
Use an extremely descriptive name. Once you create a token and implement it, you may forget about it. Using a very detailed and specific token name will help you identify where the token is being used after it is created.
- Choose the features, namespaces, and permissions the token should have.
Features
The following features specify what functionality your token can be used for:
- Access resources allows you to manage Core API resources such as conversations, contacts, inboxes, etc.
- Auto-provisioning allows you to manage provisioning resources using our SCIM implementation (not generally available to the public; contact our team to learn more).
- Application triggers allows you to process events and payloads from external services (not currently available for OAuth tokens).
Namespaces
The following namespaces specify the scope of tokens:
- Global resources are resources available across the company. These are resources created at the company level such as company-level rules, company-level tags, or resources that only exist at the company level, such as teams or accounts. Global resources exclude resources that belong to specific workspaces, which are separately configured as shared resources.
- Shared resources are resources that belong to specific workspaces, such as shared inboxes or workspace tags. You can select All shared workspaces to manage resources across all your workspaces.
- Private resources are resources that belong to individual teammates, such as personal inboxes or signatures. The teammate will have to enable API access in their settings for the token to manage their resources.
Permissions
If you selected Access resources, you can granularly specify what access the token has to each resource (read, write, delete, and send).
Tips for using permissions
- Refer to the API endpoint topics in the Core API reference documentation to learn which permissions are required for each endpoint.
- Front recommends limiting the permissions for each token to prevent misuse or security issues.
- The following permissions exist:
  - Read for retrieving resource information.
  - Write for creating and updating resources.
  - Delete for removing API resources.
  - Send for creating and sending messages in Front, such as you would do with endpoints like Create message, which start new conversations or reply to active conversations. This is different from endpoints that import historical messages, which only require the Write permission.
- Click Create.
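One way to apply the recommendation to limit permissions, as an added example that is not Front's own code: list the operations an integration actually performs, derive the smallest namespace and permission selection from the definitions above, and compare it with what a token was granted. The inventory format, the resource names, and the sample grant are assumptions constructed for illustration; the grant would be copied by hand from the token's details page.

```python
# Added example: the inventory format and all names here are hypothetical.
from dataclasses import dataclass

# Operation kind -> permission, following the definitions on this page.
KIND_TO_PERMISSION = {
    "retrieve": "read",
    "create": "write",
    "update": "write",
    "import_message": "write",  # importing historical messages needs only Write
    "remove": "delete",
    "send_message": "send",     # starting or replying to conversations needs Send
}
NAMESPACES = {"global", "shared", "private"}

@dataclass(frozen=True)
class Operation:
    resource: str   # constructed resource label, e.g. "contacts"
    kind: str       # key of KIND_TO_PERMISSION
    namespace: str  # member of NAMESPACES

def required(ops):
    """Minimal namespaces and per-resource permissions for the given operations."""
    namespaces, perms = set(), {}
    for op in ops:
        if op.kind not in KIND_TO_PERMISSION or op.namespace not in NAMESPACES:
            raise ValueError(f"unknown kind or namespace in {op}")
        namespaces.add(op.namespace)
        perms.setdefault(op.resource, set()).add(KIND_TO_PERMISSION[op.kind])
    return namespaces, perms

def audit(granted_namespaces, granted_perms, ops):
    """Return (missing, excess) findings as sorted 'scope:item' strings."""
    need_ns, need_perms = required(ops)
    missing = {f"namespace:{n}" for n in need_ns - granted_namespaces}
    excess = {f"namespace:{n}" for n in granted_namespaces - need_ns}
    for res in set(need_perms) | set(granted_perms):
        want, have = need_perms.get(res, set()), granted_perms.get(res, set())
        missing |= {f"{res}:{p}" for p in want - have}
        excess |= {f"{res}:{p}" for p in have - want}
    return sorted(missing), sorted(excess)

# Constructed sample: a sync job that reads contacts and imports old messages.
SAMPLE_OPS = [
    Operation("contacts", "retrieve", "shared"),
    Operation("messages", "import_message", "shared"),
]
SAMPLE_NAMESPACES = {"global", "shared"}
SAMPLE_PERMS = {"contacts": {"read", "write"}, "messages": {"write", "send"}}
```

Calling audit(SAMPLE_NAMESPACES, SAMPLE_PERMS, SAMPLE_OPS) reports nothing missing and three excess grants, including Send on messages, which an import-only job does not need.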
View API token details
After creating an API token, you can view its details to obtain the token value and other useful information, such as who created the token and when.
- Go to Settings > Developers.
- Go to the API Tokens tab.
- Click an API token to open its details page.
- Click Reveal or Copy to obtain the API token value. Use this value to authenticate Core API requests.
- Note other useful fields about the token, such as who created it and what scope it has, to learn more about how the token is used.
Delete an API token
You can delete any API token by completing the following steps. Note that deleting a token will immediately prevent any applications using the token from making requests to the Core API, so ensure the token is no longer needed because this operation cannot be undone.
- Go to Settings > Developers.
- Go to the API Tokens tab.
- Click an API token to open its details page.
- Click Delete.
