Bulletin: API token changes

What's new

To provide a more secure and reliable experience for API usage, the API V1 token, which was included in the API URLs, was deprecated in favor of the API V2 token, which is a JWT-based token that is passed in the header for bearer authorization.

API V1 token and the APIs that use them are no longer available as of September 18, 2023.

Effective date

September 18, 2023


Only an admin can retrieve the API V2 token from the AppsFlyer dashboard.

Who needs to update the API token?

Both advertisers and agencies who are still using API token V1 need to update their tokens.

How to find API V1 tokens

Use the Audit log to filter out any API V1 tokens still in use. You can then download the data to a CSV file:

  1. Go to the Audit log dashboard.
  2. Type "API Token V1" in the search bar.
  3. In the Service filter, select only API calls, and filter the results.
  4. Click the Download icon from the top-right of the page.
    Your CSV file is downloaded and includes your app ID, the service used, and the API call URL.

Action required

Update the following APIs for the API V2 token:
  1. Go to the API token page
  2. Under API token V2.0, click the Copy to clipboard icon.
  3. For each of the following APIs:
    1. Replace the API V1 URL with the URL in the above documentation.
    2. Paste the token you copied into the Bearer authentication header.
    3. For the OpenDSR API, paste the token into the request bearer header: 
      'Authorization': 'Bearer %AuthTokenV2%'

About the API tokens

Learn more about the API tokens: