# Personal API Tokens

Personal API tokens enable secure, programmatic access to the Apono API when using tools like Terraform or building integrations.

Tokens have the following security characteristics:

* **User-Scoped Access**: Inherits specific user permissions and access
* **One-Time Display**: Viewable only during initial creation, then masked permanently
* **Account Dependency**: Deactivates automatically when the associated user account is deleted

***

### Prerequisite

<table><thead><tr><th width="217">Item</th><th>Description</th></tr></thead><tbody><tr><td><strong>Apono UI Credentials</strong></td><td>Username and password information used to access the Apono UI</td></tr></tbody></table>

***

### Create a personal API token

<figure><img src="https://1094436629-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fv6MBfUGvblSdAz31yJXm%2Fuploads%2Fgit-blob-0b5039236c6a206d5bb90e3f85f0f325dce7271c%2Fapi-token.png?alt=media" alt="" width="563"><figcaption><p>Add Personal API Token and Token sections</p></figcaption></figure>

Follow these steps to create a personal API token:

1. On the [**Personal API Token**](https://app.apono.io/personal-api-tokens) page, click **Add API Token** or **Create Token**. The **Add Personal API Token** page opens.
2. Under **Add Personal API Token**, enter a token name in the text field. The name will identify the token on the **Personal API Token** page.

{% hint style="info" %}
The name must be a **minimum of 3 characters**.
{% endhint %}

3. Click **Generate New Token**. The token appears.
4. Under **Token**, copy the token.

{% hint style="danger" %}
Be sure to copy and securely store this token in a password manager. This is the only time the secret will be displayed.
{% endhint %}

5. Click **Done**. The new token will appear on the **Personal API Tokens** page.

After creating a personal API token, you can authenticate your queries to the [Apono API](https://docs.apono.io/api-reference). We strongly advise **not to hardcode a token in your code**. Use environment variables or secret management.

***

### Delete a personal API token

Deleting an API token is an important security practice when the token is no longer needed.

{% hint style="danger" %}
Before deleting an API token, remove the token from any project, code base, or third-party platform to prevent service disruptions.
{% endhint %}

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXduBj64R-2oqtbwInhmqB9AP4a3JsuYbrvPIXZzubugull7kU7fOjTI8exZUPuZY0U-DBdZ1uMSi17A6bmT5VtIuArJ7sCCcf_SpX6R7fCkeZflkN2CjN4onhKbu-l2U7QPFMUYQA?key=7CZ_gCfJSopzOpl2jxyytRWm" alt="" width="375"><figcaption><p>Delete confirmation popup</p></figcaption></figure>

Follow these steps to delete a personal API token:

1. On the [**Personal API Token**](https://app.apono.io/personal-api-tokens) page, in the row of the API token, click **Delete**. A delete confirmation popup window appears.
2. Click **Yes**. The API token is deleted.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.apono.io/docs/architecture-and-security/personal-api-tokens.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.