> ## Documentation Index
> Fetch the complete documentation index at: https://docs.omneo.io/llms.txt
> Use this file to discover all available pages before exploring further.

# API Tokens

> Generating and managing bearer tokens for API authentication.

API Tokens are pre-generated bearer tokens used to authenticate requests to the Omneo API. They are the simplest way to authenticate server-to-server integrations.

## Generating an API token

1. Log in to CX Manager
2. Navigate to **Settings → API Tokens**
3. Select **Add Token**
4. Give the token a descriptive name (e.g., `Shopify Integration`, `Klaviyo Sync`)
5. Select the scopes this token should have access to
6. Select **Add Token**
7. **Copy the token immediately**: it cannot be viewed again after this screen

## Using an API token

Include the token in the `Authorization` header of every API request:

```shell theme={null}
curl -H "Authorization: Bearer YOUR_TOKEN_HERE" \
     -H "Accept: application/json" \
     https://api.[tenant].getomneo.com/api/v3/profiles
```

## Token scopes

Scopes control what the token can access. Common scope configurations:

| Integration            | Recommended scopes |
| ---------------------- | ------------------ |
| Full admin integration | `*` (all scopes)   |
| Read-only reporting    | Read scopes only   |
| Transaction import     | `transactions.*`   |
| Profile sync           | `profiles.*`       |

Use the least privilege principle, only grant the scopes the integration actually needs.

## Machine users

For each integration, create a dedicated **Machine User** in CX Manager (Settings → Users) with the Machine role. Generate all tokens for that integration under this user. This makes it easy to:

* Identify which system each token belongs to
* Rotate credentials for a single integration without affecting others
* Audit API activity by system

Machine users should never be used for human logins.

## Token rotation

To rotate a token:

1. Generate a new token for the same machine user
2. Update the integration to use the new token
3. Delete the old token from CX Manager

## Managing tokens

View and delete all active tokens in CX Manager under **Settings → API Tokens**.
