An API token is a unique code that Document360 generates to allow external applications to communicate with your knowledge base securely. You can create and manage API tokens directly from the Document360 portal to enable integrations with analytics tools, automation platforms, or any third-party service that supports the Document360 API.
When to use API tokens
Use API tokens when you need to:
Integrate with external tools — Connect Document360 with analytics platforms, CRMs, or automation tools that need to read or write knowledge base data.
Automate content workflows — Use POST or PUT tokens to programmatically create or update articles without logging into the portal.
Restrict operation types — Issue separate tokens per integration, each scoped to only the HTTP methods that integration requires (for example, a read-only GET token for a reporting dashboard).
Manage media asset access — Control how long signed URLs for drive assets remain valid when accessed via the API in private or mixed projects.
Before you begin
Confirm the HTTP methods your integration requires (GET, POST, PUT, DELETE) before creating the token.
API tokens page
The API tokens page is the central interface for viewing, creating, editing, and deleting tokens.
The page contains the following elements:
Element | Description |
|---|---|
Name | The label assigned to each API token for easy identification. |
Token | The generated token value. Click the () Copy icon to copy it to your clipboard. |
Allowed methods | The HTTP methods enabled for the token (GET, POST, PUT, DELETE). |
Edit () | Hover over a token and click the Edit icon to modify its allowed methods. |
Delete () | Hover over a token and click the Delete icon to permanently remove it. |
Token usage | Shows how many tokens are in use out of the total allowed (for example, "6/8 tokens created"). |
Create API token | Button to generate a new token. |
NOTE
Document360 displays the number of API tokens created but does not track where they are used or which endpoints they are associated with.
How to create an API token
Navigate to Settings () > Knowledge base portal in the left navigation bar.
In the left navigation pane, select API Tokens.
The API tokens page displays any existing tokens.Click Create API token.
The Add API token dialog appears.Enter a name for the token in the Name field.
Select one or more HTTP methods to allow for this token:
Expand the Advanced dropdown and, in the Access validity limit for drive assets field, select the expiry duration for media asset access (15 minutes to 36 hours).
Click Add.
The new API token is created and appears in the tokens list.
NOTE
Labels are used internally within the Knowledge base portal and are not supported in API endpoints. Tags associated with articles and category pages can be retrieved via the API. Refer to the API documentation for more details.
Best practices
One token per integration — Issue a dedicated token for each external application so you can revoke access selectively without affecting other integrations.
Apply the principle of least privilege — Only enable the HTTP methods an integration actually needs. A reporting tool needs GET only; avoid issuing POST or DELETE unless required.
Review tokens periodically — Delete tokens that are no longer in use to prevent unauthorized access.
Label tokens clearly — Use descriptive names (for example, "Analytics - Read Only" or "CMS Sync - Write") so tokens are easy to identify and audit later.
Adjust drive asset validity for your use case — For short-lived API calls, keep the default 15-minute validity. For batch jobs or longer workflows, extend the duration to avoid broken asset links mid-process.
FAQ
Can we generate multiple API tokens for the same HTTP methods in Document360?
Yes, Document360 allows you to create multiple API tokens with the same HTTP methods. This is useful when managing integrations across different applications — each application can have its own dedicated token for security and independent management.
Can I restrict the scope of an API token to specific articles or categories?
No, it is not possible to restrict a token to specific articles or categories. You can, however, control which operations the token can perform by selecting only the required HTTP methods (GET, PUT, POST, or DELETE) when creating or editing the token.
How can I increase the drive asset access validity for private and mixed projects?
You can configure the asset access validity period within the API token settings:
Go to the Knowledge base portal > API tokens.
Edit an existing token or create a new one to open the API token dialog.
Expand the Advanced dropdown and select the desired access validity limit.
The default validity is 15 minutes. You can extend it up to a maximum of 36 hours.