There are two types of tokens in Lokalise: API tokens and SDK tokens. In this article, you'll learn about both types.
API tokens
Lokalise API also supports OAuth 2. More information is available in the OAuth 2 article.
What are API tokens?
API tokens are like passwords for accessing the Lokalise API. Each API request includes the token to verify the sender's access rights. If the token is incorrect or missing, the request will be denied.
Security considerations
Keep your token private and don’t share it publicly, for example on GitHub.
Users with team owner privileges must especially protect their tokens, as they can manage any project within the team.
For better security, create a separate user with restricted access rights and generate an API token for that account.
Each developer and service (testing or production) should use distinct API tokens.
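As an added example (not code from Lokalise), the sketch below applies these considerations on the client side: each service reads its own token from the environment, identical tokens across services are rejected, and the token is masked before it is logged. The `X-Api-Token` header and the `https://api.lokalise.com/api2` base URL belong to the Lokalise API; the environment variable names, function names and sample values are assumptions made for this illustration.

```python
import os
import urllib.request

API_BASE = "https://api.lokalise.com/api2"

# Constructed sample environment; real tokens come from a secret store, not source code.
SAMPLE_ENV = {
    "LOKALISE_API_TOKEN_TESTING": "constructed-token-test-0001",
    "LOKALISE_API_TOKEN_PRODUCTION": "constructed-token-prod-0002",
}

def token_for(service, env=os.environ):
    """Return the token dedicated to one service, with no shared fallback."""
    name = f"LOKALISE_API_TOKEN_{service.upper()}"  # assumed naming convention
    token = env.get(name, "").strip()
    if not token:
        raise RuntimeError(f"{name} is not set")
    return token

def mask(token):
    """Log-safe form: keep the last four characters of long tokens only."""
    keep = 4 if len(token) > 8 else 0
    return "*" * (len(token) - keep) + token[len(token) - keep:]

def check_distinct(services, env=os.environ):
    """Raise if two services are configured with the same token."""
    owner = {}
    for service in services:
        token = token_for(service, env)
        if token in owner:
            raise ValueError(f"{service} and {owner[token]} share a token")
        owner[token] = service
    return True

def build_request(service, path, env=os.environ):
    """Build (without sending) a GET request that carries the service's token."""
    request = urllib.request.Request(f"{API_BASE}/{path.lstrip('/')}", method="GET")
    request.add_header("X-Api-Token", token_for(service, env))
    return request

if __name__ == "__main__":
    check_distinct(["testing", "production"], SAMPLE_ENV)
    req = build_request("testing", "projects", SAMPLE_ENV)
    print(req.full_url, mask(req.get_header("X-api-token")))
```

Running `check_distinct` at startup or in CI catches a token that was copied from one service's configuration into another.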
How to create a Lokalise API token
Go to the API tokens page by clicking your avatar in the bottom left corner, then go to Profile settings.
Then click API tokens.
Here you can see all tokens created for your profile and create a new one.
To create a new token, click Generate new token, select the token type, then click Generate. Tokens can be read/write (you can read and perform modifications) or read-only (you can only read data without modifying it).
After generating, the new token will appear in the list.
Special notes
Access rights
The token has the same access rights as the user who generated it. For example, if a team owner generates a token, it can manage any project within the team. If an admin has access to one project only, the token can manage only that project.
Team seats
One team member can generate as many API tokens as needed, and those tokens won’t occupy additional team seats.
If you have multiple developers who only need access to the Lokalise API, you can create API tokens for them under your own profile without inviting them to the team. This allows them to interact with the API without using up extra seats.
Availability on subscription plans
The Lokalise API is available from the Start subscription plan and above. If you’re a member of multiple teams with different plans, API requests will only work for teams on the Start plan or higher.
Token expiration
API tokens do not expire but can be manually revoked by going to Profile > API tokens and clicking Delete token.
SDK tokens
Learn more about SDK tokens and OTA flow in the Working with the OTA API article.
SDK tokens are used with iOS, Android, and Flutter SDKs to implement over-the-air flow. These tokens are tied to the project and can be generated under Project settings > General.