At a glance: Tokens enhance data security. They enable users to access data via the AppsFlyer APIs or receive event data using server-to-server calls. Admins can manage multiple tokens while maintaining data continuity. This includes creating, renaming, and removing API and server-to-server tokens as necessary.
Important!
- Only admins can view and manage tokens. Account users and partners have no access to the Tokens page.
- Keep your tokens safe, as they enable access to your data. Don't publish tokens in public code repositories.
- It's recommended to replace tokens every 180 days.
About AppsFlyer tokens
Tokens are used to enable users to access data via AppsFlyer API and S2S calls. Admins use the tokens for various purposes:
- Security measures:
- Replacing tokens to address specific security concerns, such as a token compromise or suspected unauthorized access
- Periodically replacing tokens as part of routine security policy updates
- Managing different API calls
- Testing purposes
- For use with particular features, such as the OneLink API
Reaching the Tokens page
- From the top bar, open the account menu (email address dropdown) > Security center.
- In the AppsFlyer API tokens section, click Manage your AppsFlyer API tokens. The current tokens are displayed.
Token types
There are various types of tokens for different purposes. By default, an API token is generated for each new account (API token V2). Admins can create a maximum of two tokens for each type, as detailed in the table below.
Token type | Intended use |
---|---|
API token | A JWT token (JSON Web Token) used to authorize API calls, such as Pull API, Cohort API, ROI API, and others. |
OneLink API (premium) | A unique token used for OneLink API, which generates personalized links for optimal user engagement in large-scale campaigns. |
S2S token | Used for sending data using server-to-server calls. |
Manage your tokens
As an admin, you can manage multiple tokens: create, rename, and remove tokens. The main use would be to replace current tokens with new ones. This is done by first creating a new token, implementing it in your systems, and after it becomes available, deleting the old token.
Retrieve tokens
- From the top bar, open the account menu (email address dropdown) > Security center.
- In the AppsFlyer API tokens section, click Manage your AppsFlyer API tokens.
- The available tokens are displayed.
- Copy the required token.
Create a token
- From the Tokens page, click + New token.
- Enter the token name.
- Select the token type.
- Click Create token.
Note
- A new token becomes available for use only after 30 minutes, until which it's pending.
- Make sure to implement the new token in your systems
Rename a token
- From the Tokens page, click the edit icon of the token you want to rename.
- Rename the token.
- Click Save.
Delete a token
Caution
- Deleting a token could cause failure to systems depending on it.
- When deleting a token, it's removed from the Tokens page. However, it takes up to 30 minutes to fully reject all calls.
- If you wish to replace a token, make sure to first create a new token, implement it, and only after it becomes available, meaning it's not in "Pending" status, you can delete the old token.
- From the Tokens page, click the delete icon of the token you want to delete.
- You must confirm deleting the token by typing "Delete token".
- Click Delete token.
Applications of the API V2 token
Use cases for advertisers and ad networks using the API V2 token:
Advertiser
Ad network
API V2 token |
---|
App list for ad networks |
Integration with campaign management platforms |
Protect360 reports for integrated partners |
InCost |
Applications of the S2S token
Use cases for advertisers using the S2S token:
S2S token |
---|
Mobile in-app events S2S API |
Applications for the OneLink token
Use cases for advertisers using the OneLink API token:
Create, get, update, and delete OneLink short URLs with customized parameters.