Skip to main content

API and OTA tokens

Learn how to manage API and OTA (SDK) tokens.

Ilya Krukowski avatar
Written by Ilya Krukowski
Updated over 3 months ago

There are two types of tokens in Lokalise: API tokens and OTA tokens (previously known as SDK tokens). In this article, you'll learn about both types.

API tokens

Lokalise API also supports OAuth 2. More information is available in the OAuth 2 article.

What are API tokens?

API tokens function as passwords for accessing the Lokalise API. Each API request must include a valid token to verify the sender's access rights. Requests with missing or incorrect tokens will be denied.

Security considerations

  • Keep your API tokens private and never share them publicly, such as on GitHub.

  • Users with team owner privileges should take extra precautions to protect their tokens, as these grant access to all projects within the team.

  • For enhanced security, create a dedicated user with restricted access rights and generate an API token specifically for that account.

  • Assign distinct API tokens for different developers and services (e.g., testing and production environments).

How to create Lokalise API token

Go to the API tokens page by clicking your avatar in the bottom left corner, then go to Profile settings:

Then click API tokens:

Here you can see all tokens created for your profile and create a new one.

To create a new token, click on Generate new token > Select token type > click Generate. Tokens can be read/write (you can read and perform modifications) or read-only (you can only read data without modifying it).

After generating, the new token will appear in the list:


Special notes

Access rights

The token has the same permissions as the user who created it. For example:

  • If a team owner creates a token, it can access and manage all projects in the team.

  • If a contributor with the manager role has access to only one project, the token can only manage that project.

Team seats

One team member can generate as many API tokens as needed, and those tokens won’t occupy additional team seats.

If you have multiple developers who only need access to the Lokalise API, you can create API tokens for them under your own profile without inviting them to the team. This allows them to interact with the API without using up extra seats.

Availability on subscription plans

The Lokalise API is available from the Start subscription plan and above. If you’re a member of multiple teams with different plans, API requests will only work for teams on the Start plan or higher.

Token expiration

API tokens do not expire but can be manually revoked by going to Profile > API tokens and clicking Delete token.

OTA tokens

Learn more about OTA tokens and OTA flow in the Working with the OTA API article.

OTA tokens (previously known as SDK tokens) are used with iOS, Android, and Flutter SDKs to implement over-the-air flow. These tokens are tied to the project and can be generated under Project settings.

Related Articles
Django
Node.js
Migrating from Phrase (deprecated)
Managing your profile
Move project to a different team: Migration steps
Did this answer your question?