Token Types

When generating a token from the Apicbase UI, you choose between two token types: Service Account and Personal. The right choice depends on what you're building.

Comparison

| | Service Account Token | Personal Token |
|---|---|---|
| Acts as | Dedicated API user for the library | The user who generated the token |
| Permissions | Admin-level within selected scopes | Inherits the user's own permission set |
| Action attribution | "API Service Account (App name)" | The individual user's name |
| Tied to a person | No | Yes (breaks if account is deactivated) |
| Library-switching risk | No | Yes (follows the user's active library) |
| Best for | Production integrations, automated workflows | Testing, personal scripts, development |

Service Account Token

A Service Account Token acts as a dedicated API user for your library, independent of any individual's account. All API requests are attributed to "API Service Account (your app name)" in audit logs and modification history.

Use this when:

  • Building a production integration or automated workflow
  • You need the token to keep working regardless of team changes
  • You want API activity clearly separated from individual user actions

Permissions: Service account tokens operate with admin-level permissions within the scopes you selected at creation time. They are not constrained by any individual user's permission set.

Personal Token

A Personal Token acts as you — the user who generated it. API requests are attributed to your account, and the token inherits your permissions.

Use this when:

  • Running personal scripts against your own library
  • You intentionally want API actions attributed to your account

Limitations to be aware of:

  • If your account is deactivated, the token stops working
  • The token operates in your currently active library. If you switch libraries in the Apicbase UI, API requests will follow — which can cause unintended behavior in integrations
🚧 Dual requirement for Personal Tokens

Your application needs the correct OAuth scope and your user account needs the corresponding permission.

For example, to create a recipe via the API, the token must have the library scope and your account must have recipe creation permissions. A missing permission on either side returns a 403 Forbidden error.
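The rules above for both token types can be read as one authorization decision. The following is an added example, not Apicbase code: a small Python model of that decision, in which the class names, the permission names (`create_recipe`, `view_recipe`) and the sample user and libraries are hypothetical; only the `library` scope and the attribution string come from this page.

```python
from dataclasses import dataclass, field

@dataclass
class User:                      # hypothetical model of a library user
    name: str
    active: bool
    active_library: str          # library currently selected in the UI
    permissions: set = field(default_factory=set)

@dataclass
class Token:                     # hypothetical model of an issued token
    kind: str                    # "service_account" or "personal"
    app_name: str
    scopes: set
    library: str = ""            # library a service account token belongs to
    owner: User = None           # set for personal tokens only

def evaluate(token, scope, permission):
    """Return (allowed, actor, library, reason) for one API action."""
    if token.kind == "service_account":
        if scope not in token.scopes:
            return (False, None, None, "missing scope")
        # Admin-level inside the selected scopes; no user permission check.
        actor = f"API Service Account ({token.app_name})"
        return (True, actor, token.library, "ok")
    user = token.owner
    if not user.active:
        return (False, None, None, "account deactivated")
    # Dual requirement: the page says a miss on either side returns 403.
    if scope not in token.scopes:
        return (False, None, None, "missing scope")
    if permission not in user.permissions:
        return (False, None, None, "missing user permission")
    # Personal tokens follow whichever library the user has active right now.
    return (True, user.name, user.active_library, "ok")

def demo():
    chef = User("Dana", True, "Kitchen A", {"view_recipe"})   # constructed data
    personal = Token("personal", "Sync", {"library"}, owner=chef)
    service = Token("service_account", "Sync", {"library"}, library="Kitchen A")
    out = {"sa_create": evaluate(service, "library", "create_recipe"),
           "pt_create": evaluate(personal, "library", "create_recipe")}
    chef.permissions.add("create_recipe")
    chef.active_library = "Kitchen B"      # user switches library in the UI
    out["pt_after_switch"] = evaluate(personal, "library", "create_recipe")
    chef.active = False                    # account is deactivated
    out["pt_deactivated"] = evaluate(personal, "library", "create_recipe")
    return out

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The `pt_after_switch` result is the case to watch for in an integration: the request succeeds, but against "Kitchen B" rather than the library the integration was set up for.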

How to generate each type

Both token types are generated from Library Settings → API Settings → New token. After selecting an application, you'll see a token type selector before choosing scopes and creating the token. Select Service Account Token or Personal Token, configure your scopes, give the token a name, and click Create token.

The Access Token and Refresh Token are shown once — copy both before closing the modal.

For step-by-step instructions, see the Quick Start Tutorial.

📘 Working across multiple libraries?

If your integration needs to operate across more than one library, see the Working with Multiple Libraries guide.

For partners with external applications

If your application connects to a customer's Apicbase library, the library owner generates your access token from their API Settings → Connected Applications → Manage tokens.


The token type selector is not available for external applications. Tokens generated this way are always scoped to the library connection and attributed to the application, not to the library owner's personal account.

❗️ Service Account Tokens for external applications must be generated via the UI

There is no way to obtain a service account token through the OAuth authorization code flow. The OAuth flow issues tokens bound to whichever user completes the authorization, which means the resulting token inherits that user's permissions and is subject to the same library-switching limitations as a Personal Token.

If your integration requires stable, account-independent access, ask the library owner to generate a token from the UI and share it with you.