Skip to main content
API and SDK tokens

Learn how to manage API and SDK tokens.

Ilya Krukowski avatar
Written by Ilya Krukowski
Updated over a week ago

There are two types of tokens in Lokalise: API tokens and SDK tokens. In this article, you'll learn about both types.

API tokens

Lokalise API also supports OAuth 2. More information is available in the OAuth 2 article.

What are API tokens?

API tokens are like passwords for accessing the Lokalise API. Each API request includes the token to verify the sender's access rights. If the token is incorrect or missing, the request will be denied.

Security considerations

  • Keep your token private and don’t share it publicly, like on GitHub.

  • Users with team owner privileges must especially protect their tokens, as they can manage any project within the team.

  • For better security, create a separate user with restricted access rights and generate an API token for that account.

  • Each developer and service (testing or production) should use distinct API tokens.

How to create Lokalise API token

Go to the API tokens page by clicking your avatar in the bottom left corner, then go to Profile settings:

Then click API tokens:

Here you can see all tokens created for your profile and create a new one.

To create a new token, click on Generate new token > Select token type > click Generate. Tokens can be read/write (you can read and perform modifications) or read-only (you can only read data without modifying it).

After generating, the new token will appear in the list:


Special notes

Access rights

The token has the same access rights as the user who generated it. For example, if a team owner generates a token, it can manage any project within the team. If an admin has access to one project only, the token can manage only that project.

Team seats

One team member can generate as many API tokens as needed, and those tokens won’t occupy additional team seats.

If you have multiple developers who only need access to the Lokalise API, you can create API tokens for them under your own profile without inviting them to the team. This allows them to interact with the API without using up extra seats.

Availability on subscription plans

The Lokalise API is available from the Start subscription plan and above. If you’re a member of multiple teams with different plans, API requests will only work for teams on the Start plan or higher.

Token expiration

API tokens do not expire but can be manually revoked by going to Profile > API tokens and clicking Delete token.


SDK tokens

Learn more about SDK tokens and OTA flow in the Working with the OTA API article.

SDK tokens are used with iOS, Android, and Flutter SDKs to implement over-the-air flow. These tokens are tied to the project and can be generated under Project settings > General.

Did this answer your question?