API Tokens

Overview

API tokens are the credentials your application uses to query data. Each token:

Is tied to a specific database
Has per-verb permissions (SELECT / INSERT / UPDATE / DELETE)
Is shown only once at creation time
Can be revoked instantly

Create a token

In the dashboard under API Tokens → New Token:

Name        → "frontend-readonly"
Database    → my-app
Permissions → SELECT only

The response shows your token once:

cxk_fc4639e7f81aba67b3900f89666551ba

⚠️ Save this token. It won't be shown again.

Token security

Store tokens in environment variables, never in source code
Use .env files locally, secrets managers in production
Rotate tokens periodically by creating a new one and revoking the old one

Multiple tokens, multiple use cases

cxk_aaa... → frontend     → SELECT only
cxk_bbb... → backend API  → SELECT + INSERT + UPDATE
cxk_ccc... → data import  → INSERT only
cxk_ddd... → admin script → SELECT + INSERT + UPDATE + DELETE

API Tokens ​

Overview ​

Create a token ​

Token security ​

Multiple tokens, multiple use cases ​

API Tokens

Overview

Create a token

Token security

Multiple tokens, multiple use cases