Account Tokens are the secret keys used between TagoIO and external applications. Any access from an account requires a valid token, so it is vital that tokens are kept secret and only shared with trusted parties.
All sorts of requests can be performed with Account Tokens, so only provide this token to trusted applications.
Account tokens can be managed from your account details by selecting your profile. You can copy a token by clicking the Copy button.
More than one token can be created for the same profile. Permissions and expiration dates for each token may be configured as needed.
The expiration field defines the lifespan of a token; it can be set to a temporary period or left infinite (never expires).
A new token is automatically generated each time you log in to your account, or when someone with whom you have shared your profile logs in. These auto‑generated tokens are created with an expiration time of 3 months and will be deleted automatically after that period or when the user logs out of the account manually.
Tokens issued by TagoIO carry a short prefix that identifies their type, so you can recognize a token at a glance in logs, screenshots, and configuration files:
p-a-u-n-atDevice tokens are returned without a prefix, because they are provisioned into hardware and firmware where the token length is often fixed.
Tokens created before prefixes were introduced keep working, and the API accepts tokens with or without a prefix on every request.