Managing AppsFlyer tokens

At a glance: Tokens enhance data security. They enable users to access data via the AppsFlyer APIs or receive event data using server-to-server calls. Admins can manage multiple tokens while maintaining data continuity. This includes creating, renaming, and removing API and server-to-server tokens as necessary.

 Important!

AppsFlyerAdmin_us-en.png

  • Only admins can view and manage tokens. Account users and partners have no access to the Tokens page.
  • Keep your tokens safe, as they enable access to your data. Don't publish tokens in public code repositories.
  • It's recommended to replace tokens every 180 days.

About AppsFlyer tokens

Tokens are used to enable users to access data via AppsFlyer API and S2S calls. Admins use the tokens for various purposes:

  • Security measures:
    • Replacing tokens to address specific security concerns, such as a token compromise or suspected unauthorized access
    • Periodically replacing tokens as part of routine security policy updates
  • Managing different API calls
  • Testing purposes
  • For use with particular features, such as the OneLink API

Reaching the Tokens page

  1. From the top bar, open the account menu (email address dropdown) > Security center.
  2. In the AppsFlyer API tokens section, click Manage your AppsFlyer API tokens. The current tokens are displayed. 

Token types

There are various types of tokens for different purposes. By default, an API token is generated for each new account (API token V2). Admins can create a maximum of two tokens for each type, as detailed in the table below.

Token type Intended use
API token A JWT token (JSON Web Token) used to authorize API calls, such as Pull API, Cohort API, ROI API, and others.
OneLink API (premium) A unique token used for OneLink API, which generates personalized links for optimal user engagement in large-scale campaigns.
S2S token Used for sending data using server-to-server calls.

Manage your tokens

As an admin, you can manage multiple tokens: create, rename, and remove tokens. The main use would be to replace current tokens with new ones. This is done by first creating a new token, implementing it in your systems, and after it becomes available, deleting the old token.

Retrieve tokens

  1. From the top bar, open the account menu (email address dropdown) > Security center.
  2. In the AppsFlyer API tokens section, click Manage your AppsFlyer API tokens.
  3. The available tokens are displayed. 
  4. Copy the required token.

Create a token

  1. From the Tokens page, click + New token.
  2. Enter the token name.
  3. Select the token type.
  4. Click Create token.

 Note

  • A new token becomes available for use only after 30 minutes, until which it's pending.
  • Make sure to implement the new token in your systems

Rename a token

  1. From the Tokens page, click the edit icon of the token you want to rename.
  2. Rename the token.
  3. Click Save.

Delete a token

 Caution

  • Deleting a token could cause failure to systems depending on it.
  • When deleting a token, it's removed from the Tokens page. However, it takes up to 30 minutes to fully reject all calls.
  • If you wish to replace a token, make sure to first create a new token, implement it, and only after it becomes available, meaning it's not in "Pending" status, you can delete the old token.
  1. From the Tokens page, click the delete icon of the token you want to delete.
  2. You must confirm deleting the token by typing "Delete token".
  3. Click Delete token.

Applications of the API V2 token

Use cases for advertisers and ad networks using the API V2 token:

Advertiser

API V2 token
Pull API raw data
Pull API aggregate data
Get app list
Cohort
SKAdNetwork aggregate reporting
Copy partner integration settings
Set install referrer decryption key
True Revenue tax API
OpenDSR API
Master API

Ad network

API V2 token
App list for ad networks
Integration with campaign management platforms
Protect360 reports for integrated partners
InCost

Applications of the S2S token

Use cases for advertisers using the S2S token:

S2S token
Mobile in-app events S2S API 

Applications for the OneLink token

Use cases for advertisers using the OneLink API token:

Create, get, update, and delete OneLink short URLs with customized parameters.