Manage API tokens
Create and manage API tokens for Phocas MCP integrations.
User permission required: API tokens > MCP (Model Context Protocol)
This feature is for developers and other technical users who already know MCP.
Use API tokens to authenticate external applications and integrations that connect to Phocas. For the wider context, see MCP.
You can generate and manage your own tokens from your Account settings page.
On the API tokens page, you can:
Create a new API token
View the tokens you created
Delete (revoke) tokens you no longer want to use
Only you can manage the tokens associated with your Phocas user account.
Open the API tokens page
Open your Account settings page: Click your initials or profile image in the top-right corner of the screen, then select Account settings.
Click Manage API tokens. The API Tokens page opens.

Create a token
Create a token when you need to authenticate with an external system or integration.
Click Create API token.
Enter a name for the token.
Set an expiration period. Read about token expiry below.
Click Create token. The token is displayed.
Click Copy. Use the token immediately or store it securely. You cannot view it again.

View your tokens
The API tokens page lists all tokens you created. For each token, you can see:
The token name
When it was created
When it expires
Use this list to track which integrations are using your tokens.

Delete a token
Delete a token if it is no longer needed or if you think it has been compromised. This action revokes the token, so it no longer works.
Locate the token you want to delete.
Click its menu button, then select Delete.

Confirm the action.
Once deleted, the token can no longer be used to authenticate.
Understand token expiry
When you create a token, you set an expiry date. The default is three months and the maximum is five years.

After a token expires, it can no longer be used. If you still need access, create a new token.
