# Personal API Tokens

Personal API tokens enable secure, programmatic access to the Apono API when using tools like Terraform or building integrations.

Tokens have the following security characteristics:

* **User-Scoped Access**: Inherits specific user permissions and access
* **One-Time Display**: Viewable only during initial creation, then masked permanently
* **Account Dependency**: Deactivates automatically when the associated user account is deleted

***

### Prerequisite

<table><thead><tr><th width="217">Item</th><th>Description</th></tr></thead><tbody><tr><td><strong>Apono UI Credentials</strong></td><td>Username and password information used to access the Apono UI</td></tr></tbody></table>

***

### Create a personal API token

<figure><img src="https://1094436629-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fv6MBfUGvblSdAz31yJXm%2Fuploads%2Fgit-blob-0b5039236c6a206d5bb90e3f85f0f325dce7271c%2Fapi-token.png?alt=media" alt="" width="563"><figcaption><p>Add Personal API Token and Token sections</p></figcaption></figure>

Follow these steps to create a personal API token:

1. On the [**Personal API Token**](https://app.apono.io/personal-api-tokens) page, click **Add API Token** or **Create Token**. The **Add Personal API Token** page opens.
2. Under **Add Personal API Token**, enter a token name in the text field. The name will identify the token on the **Personal API Token** page.

{% hint style="info" %}
The name must be a **minimum of 3 characters**.
{% endhint %}

3. Click **Generate New Token**. The token appears.
4. Under **Token**, copy the token.

{% hint style="danger" %}
Be sure to copy and securely store this token in a password manager. This is the only time the secret will be displayed.
{% endhint %}

5. Click **Done**. The new token will appear on the **Personal API Tokens** page.

After creating a personal API token, you can authenticate your queries to the [Apono API](https://docs.apono.io/api-reference). We strongly advise **not to hardcode a token in your code**. Use environment variables or secret management.

***

### Delete a personal API token

Deleting an API token is an important security practice when the token is no longer needed.

{% hint style="danger" %}
Before deleting an API token, remove the token from any project, code base, or third-party platform to prevent service disruptions.
{% endhint %}

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXduBj64R-2oqtbwInhmqB9AP4a3JsuYbrvPIXZzubugull7kU7fOjTI8exZUPuZY0U-DBdZ1uMSi17A6bmT5VtIuArJ7sCCcf_SpX6R7fCkeZflkN2CjN4onhKbu-l2U7QPFMUYQA?key=7CZ_gCfJSopzOpl2jxyytRWm" alt="" width="375"><figcaption><p>Delete confirmation popup</p></figcaption></figure>

Follow these steps to delete a personal API token:

1. On the [**Personal API Token**](https://app.apono.io/personal-api-tokens) page, in the row of the API token, click **Delete**. A delete confirmation popup window appears.
2. Click **Yes**. The API token is deleted.