Authorisation & Permissions

API tokens assume admin-level privileges and therefore grant access to all the data in your Claimable account, without the same role-based protections that apply to normal users.

There are no granular roles or permissions for API tokens and they authorise the bearer to access all endpoints and perform all API operations, so you should treat them as you would an admin or super-user password!

❗️

API Token Security

Always keep your API tokens confidential and never share them outside your company or commit them to source control.

See Securing API Tokens for guidance and best practice.