Integrations

Generating an API token for the open API

Per-scope tokens, the audit log, and what to never expose in client-side code.

Article5 min·Updated 10 June 2026·By Avago team

Where to generate tokens

The open API lets your own code read and write Avago data, and every request is authenticated with a token. Generate tokens from the API or Developer area of your settings. Create a separate token for each integration or script rather than reusing one everywhere — that way you can revoke a single token without breaking everything else, and the audit log tells you exactly which integration did what.

Per-scope permissions

Tokens are scoped, so each one only carries the permissions it actually needs. When you create a token, grant the narrowest set of scopes that does the job:

  • Read-only scopes for something that just pulls data.
  • Write scopes only where the integration needs to change things.
  • Separate scopes per resource, so a token for form submissions can't touch billing.

Least privilege is the rule: a leaked read-only token is far less damaging than a leaked all-access one.

The audit log

Every token's activity is recorded in an audit log. It shows which token did what and when, which is your trail if something looks wrong. Review it periodically, and if you ever see activity you don't recognise, revoke the token immediately and issue a fresh one.

What never to expose client-side

This is the rule that matters most:

  • Never put an API token in front-end code, a public repository or anywhere a browser can read it.
  • Tokens belong on a server you control, in environment variables or a secrets store.
  • If a token is ever exposed, treat it as compromised — revoke it and rotate to a new one.

Webhooks are often the safer choice for getting data out of Avago — they push events to your server without you holding a powerful write token in the open at all.

Was this article helpful?

Your vote tunes the rank order for everyone else. We read every “no” comment.

Need account-specific help?Atlas has read every article on this site and can answer in your account context.
Ask Atlas →

Read next. From the same section.

All in Integrations

Have an idea? Just have a go.

Your website is waiting to be built. No credit card. No commitment. Free to build — only pay when you're ready to go live.

Free to build~5 min to liveNo credit card