API tokens¶

By adding an API token to your application, you can skip the normal user login workflow and have continuous access to the ONEKEY API – both the REST and GraphQL parts – and the python client.

To create and use an API token:

Click on your profile in the top-right corner:
Select API tokens.
Click Create new API token.
Fill in the details and follow the on-screen instructions.

Important

At the end of the process, make sure you save or copy the API token before closing the popup, as it will no longer be accessible afterwards, not even to our support team. If the API token is lost you must create a new one.

Insert the API token into your preferred integration:

Python clientREST APIGraphQL API

Use the ONEKEY_TOKEN environment variable (recommended) or the --token option:

# Environment variable (recommended)
export ONEKEY_TOKEN="your-api-token"
export ONEKEY_TENANT_NAME="your-tenant"

# Run commands
onekey list-tenants

# Or via command line option
onekey --token "your-api-token" --tenant "your-tenant" list-tenants

Include the token in the Authorization header as Bearer <your-api-token>:

curl -X GET "https://app.eu.onekey.com/api/firmwares/<firmware-id>/sbom" \
  -H "Authorization: Bearer <your-api-token>"

Include the token in the Authorization header as Bearer <your-api-token>:

curl -X POST https://app.eu.onekey.com/api/graphql \
  -H "Authorization: Bearer <your-api-token>" \
  -H "Content-Type: application/json" \
  -d '{"query": "{ allProductGroups { id name } }"}'

If you delete an API token on the platform, or it is expired, any API requests using that token will be denied with a 401 Unauthorized response. Create a new token on the platform and replace the old one to keep your application working.

For security reasons, you cannot edit an API token directly. If you want to change the name, permissions, etc. of the token or simply deactivate it immediately, you must delete the token and create a new one with the desired configuration.