# Generate an API Token Finout API is fully secured using a secret key and client token, which can be managed from your Finout account. When you generate the API token, it creates both a secret key and a client ID (token). These parameters will be passed in the Authorization header when invoking any Finout API methods. ### API tokens vs. personal tokens Finout supports two types of tokens for API authentication: * **API token** — Account-level credentials used for service-to-service integrations. Consists of a Client ID and a Secret Key passed in request headers. * **Personal token** — User-level credentials tied to your individual Finout user. Use personal tokens when you want API access scoped to your own user identity and permissions. {% hint style="info" %} Only Admins can create open the Admin Portal and generate API tokens. {% endhint %} ### Generate a personal token 1. Select your profile from the user dropdown on the top left of any screen in Finout.

2. Click **Admin Portal**. 3. Select **Personal Tokens**.

4. Click **Generate Token**. 5. Enter a **Description**, select a **Role**, and choose a **token expiration**. 6. Click **Create**. Your token is generated. 7. Copy the **Client ID** and the **Secret Key** — these won't be accessible after you close this window. 8. Add the **Client ID** and **Secret Key** in your request headers: * `x-finout-client-id` * `x-finout-secret-key`
### Generate an API token 1. Select your profile from the user dropdown on the top left of any screen in Finout.

2. Click **Admin Portal**. \ The Profile window appears.

3. Select **API Tokens**. \ The API Token screen appears.

4. Click **Generate Token**. \ The Generate Token window appears.

5. Enter a **Description**, choose a **Role**, choose **token expiration**, and click **Create**. \ Your token is generated. 6. Copy the **Client ID** and the **Secret Key**, which won't be accessible later, and then click **Done**. 7. Add the **Client ID** and **Secret Key** in Headers when invoking any of the Finout endpoints: * x-finout-client-id * x-finout-secret-key

### FAQs **What happens to a user's personal tokens if they are removed from the account?** Personal tokens are tied to the individual user. When a user is removed from the account, their personal tokens are automatically deleted. **Does a personal token respect the user's role and data access permissions?** Yes. Personal tokens include the user's context — including their assigned roles and permissions within the account. Any API call made with a personal token is subject to the same access controls as the user who created it. **What is the difference between an API token and a personal token?** API tokens are account-level credentials, not tied to any specific user. Personal tokens are user-level credentials scoped to the individual who created them, and they carry that user's permissions. Use API tokens for service-to-service integrations; use personal tokens when the API call should reflect a specific user's identity and access. **Can I view a token secret after it's been created?** No. The secret key is only visible at the time of creation. Copy and store it securely before closing the window — it cannot be retrieved afterward. **Can a token expire?** Yes. You can set an expiration period when creating the token. Once expired, the token is no longer valid and a new one must be generated. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.finout.io/api/finout-api/generate-an-api-token.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.