API Tokens

Learn how to create and manage API tokens for integrations.

Available to:
Business Owner

What are API Tokens

Understanding programmatic access.

API tokens allow external applications to access VasBox on your behalf. They provide secure, programmatic access without sharing your password.

Token Benefits
  • • Secure authentication
  • • No password sharing
  • • Can be revoked anytime
  • • Usage tracking
Token Capabilities
  • • Full API access
  • • Same permissions as creator
  • • All actions logged

When to Use API Tokens

Common use cases for API access.

Third-Party Integrations

Connect VasBox to accounting software, CRM systems, or other business tools.

Custom Applications

Build custom apps that interact with your VasBox data programmatically.

Automated Reporting

Set up automated scripts to pull reports and data on a schedule.

Point of Sale Systems

Integrate custom POS hardware or software with VasBox for receipt creation.

Creating an API Token

Step-by-step token creation.

1
Navigate to API Tokens

Go to Admin → API Tokens from your dashboard.

2
Create New Token

Click Create Token and enter a descriptive name for your token.

e.g., Accounting Integration

Naming Convention

Use descriptive names like "Accounting Software", "POS System - Branch 1", or "Reporting Script".
3
Copy Your Token

Your token is displayed. Copy it immediately and store it securely.

Token Created
app.vasbox.co.zw
Token Created Successfully

Copy this token now. You won't be able to see it again.

vbx_a1b2c3d4e5f6g7h8i9j0...
Copy your token now - it won't be shown again

Important

You won't be able to see this token again. If you lose it, you'll need to create a new one.
4
Store Securely

Store your token in a secure location like a password manager or encrypted configuration file.

Managing Tokens

View and revoke existing tokens.

API Tokens
app.vasbox.co.zw

API Tokens

Create Token
Accounting Integration
Created: March 1, 2024 • Last used: 2 hours ago
Reporting Script
Created: Feb 15, 2024 • Last used: Yesterday
View and manage your tokens

Revoking Tokens

Revoke a token when it's no longer needed or if you suspect it may have been compromised.

When to Revoke
  • • Integration no longer needed
  • • Security concern or breach
  • • Employee departure
  • • Token possibly compromised
What Happens
  • • Token becomes invalid immediately
  • • API requests using token fail
  • • Revocation is logged
  • • Cannot be undone

Security Best Practices

Keep your API tokens secure.

Use Descriptive Names

Name tokens clearly so you know what they're used for.

One Token Per Integration

Create separate tokens for each integration for easier management.

Revoke Unused Tokens

Regularly review and revoke tokens that are no longer in use.

Never Share via Email

Never send tokens via email or unencrypted channels.

Rotate Periodically

Create new tokens and revoke old ones periodically for security.

Monitor Usage

Check "Last used" dates to spot unauthorized access.

Token Security

Treat API tokens like passwords. Anyone with your token can access VasBox as if they were you.
PermissionsWhat tokens can do
Audit TrailTrack token usage
Previous Permissions
NextOverview