Application access tokens are created and managed in the Sesame Application. Due to the sensitivity of the information available from Sesame Data, access to token generation is closely controlled. Within your Sesame Application, only users who are Account Administrators will be able to create and manage tokens. As this is an application token, however, any user with the token can make requests.

How to create an API Token

Once logged in to Sesame, the user can readily generate a token using the Add Token option in the Dashboard or API Tokens menu.

The user is required to name the token and provide an expiration date - either using pre-populated options or by prescribing a specific date. The field Description can be used to add more information about where the token is used.

Please note that we recommend avoiding the use of tokens that exceed a 3-month duration. However, if maintaining shorter durations proves challenging, it is acceptable to extend the token's lifespan.

Sesame will automatically email the token creator via when the token is two days away from expiration.

Optionally, you can utilize the IP Whitelisting for added security measures.

How to manage existing tokens

Users can also manage existing tokens using the Update option. Here the user can later manage the name, description and whitelisted IPs. Users can also retrieve the token password and username if required.

How to revoke tokens

Users can also revoke tokens that they no longer require. Revoked tokens stop working immediately once revoked.

After a token expires or is revoked, it becomes available for monitoring in the Expired & Revoked section.

Dealing with unrecognised tokens

When creating a new token, Sesame automatically sends an email to the administrators of the account informing them that a new token has been issued.

In the case you do not recognise that action, Revoke the token immediately.