At a glance: API and S2S tokens ensure data security. They enable users to access data via the AppsFlyer APIs or receive event data using server-to-server calls. Admins can manage multiple tokens: create, rename, and remove API and server-to-server tokens.
Important!
- Only admins can view and manage API and S2S tokens. Account users and partners have no access to the Tokens page.
- Keep your tokens safe as they enable access to your data. Don't publish tokens in public code repositories.
- It's recommended to replace tokens every 180 days.
Overview
API and server-to-server (S2S) tokens are used to enable users to access data via AppsFlyer API and S2S calls. Admins can create and replace multiple tokens while maintaining the continuity of the data, without losing any data. API and S2S tokens can be used for various purposes:
- Replacing tokens:
- Addressing specific security concerns, such as a token compromise or suspected unauthorized access
- Periodically replacing tokens as part of routine security policy updates
- Managing several tokens for different API calls
- For testing purposes
Reaching the Tokens page
- From the menu bar, click the admin email address dropdown (top right corner).
- Select Security center.
- In the AppsFlyer API tokens section, click Manage your AppsFlyer API tokens. The current tokens are displayed.
Token types
A default API token is created for every new account (API token V2). Admins can add up to 4 tokens, 2 of each type:
-
API token: This is a JWT token (JSON Web Token) used to authorize API calls, such as Pull API, Cohort API, ROI API, and others.
-
S2S token: This token is used for sending event data using S2S calls that are sent automatically.
Manage your tokens
As an admin, you can manage multiple tokens: create, rename, and remove API and S2S tokens. The main use would be to replace current tokens with new ones. This is done by first creating a new token, implementing it in your systems, and after it becomes available, deleting the old token.
Retrieve tokens
- From the menu bar, access the user menu (email address drop-down at the top right corner).
- Select Security center.
- In the AppsFlyer API tokens section, click Manage your AppsFlyer API tokens.
- The available tokens are displayed.
- Copy the required token.
Create a token
- From the Tokens page, click + New token.
- Enter the token name.
- Select the token type.
- Click Create token.
Note
- A new token becomes available for use only after 30 minutes, until which it's pending.
- Make sure to implement the new token in your systems
Rename a token
- From the Tokens page, click the edit icon of the token you want to rename.
- Rename the token.
- Click Save.
Delete a token
Caution
- Deleting an API or S2S token could cause failure to systems depending on it.
- When deleting a token, it's removed from the Tokens page. However, it takes up to 30 minutes to fully reject all calls.
- If you wish to replace a token, make sure to first create a new token, implement it, and after it becomes available (when not in "Pending" status), you can delete the old token.
- From the Tokens page, click the delete icon of the token you want to delete.
- You must confirm deleting the token by typing "Delete token".
- Click Delete token.
Applications of the API V2 token
Use cases for advertisers and ad networks using the API V2 token:
Advertiser
Ad network
| API V2 token |
|---|
| App list for ad networks |
| Integration with campaign management platforms |
| Protect360 reports for integrated partners |
| InCost |
Applications of the S2S token
Use cases for advertisers using the S2S token:
| S2S token |
|---|
| Mobile in-app events S2S API |