API Tokens
API tokens authenticate scripts, CI pipelines, and integrations against the Applicare API. Tokens inherit a role and scope, can expire, and are fully auditable.
Creating a token#
Under Settings → API Tokens, create a token, assign it a role (least privilege), and set an expiry. The secret is shown once — store it in your secret manager immediately.
curl -H "Authorization: Bearer $ARC_TOKEN" \
https://applicare.yourco.com/api/v1/hostsScoping & least privilege#
Give a token only the permissions it needs. A metrics-export job should use a read-only token scoped to the relevant services, never an admin token. See API Authentication for the full auth model.
Rotation#
Rotate regularly. Set expiries, rotate on a schedule, and revoke immediately if a token may be exposed. Revoked tokens stop working instantly and the event is logged in the audit trail.
Was this page helpful?
Related
Can't find what you need?
Ask ArcIn or reach our support engineers.