There are two types of tokens in Lokalise.

API tokens serve as a means of authentication for the Lokalise API, functioning similarly to a password for accessing the platform. Each API request includes the token to verify the sender's access rights. If the token is incorrect or absent, the request will be denied.

It is crucial to keep your token private and not disclose it in public spaces, such as GitHub, to prevent unauthorized access. Particularly for users with team owner privileges, whose tokens enable management of any project within the team, safeguarding the token is paramount. To enhance security, consider creating a separate user with restricted access rights and generating an API token for that account. It is advisable for each developer and service, whether in testing or production environments, to utilize distinct API tokens.

To create an API token, first proceed to the API token menu. To do this, click on your avatar in the bottom left corner and then proceed to Profile settings > API tokens.

Here you can see all created tokens, and as well make a new one.

To create a new API token, click on Generate new token > Select token type > click Generate. Tokens can have one of the following types: read/write (you can read and perform modifications using this token) and read-only (you can only read the data without modifying it).

After doing so, the user will see a newly added token in their list:

​

Please note that the token has the same access rights as the user who generated it. For example, if John is the team owner and he generates a read/write token, then this token can be used to manage any project within the team. If Ann has admin access rights to a single project only, then her token can be used to manage only that exact project.

Finally, the API tokens do not have expiration dates. You can revoke them manually by opening Profile > API tokens and then clicking Delete token.

Lokalise API also supports OAuth 2. Please find more information in the corresponding article.

SDK tokens are used with iOS, Android, and Flutter SDKs to implement over-the-air flow. These tokens are tied to the project and can be generated under Project settings > General.