- Integrations
- Custom integration
- Manage user API tokens
Manage user API tokens
Learn how to generate and revoke user API tokens that are required for integrations with SafetyCulture.What are the differences between service user and user API tokens?
Service user and user API tokens offer flexible ways to connect external tools to SafetyCulture.
Service user API tokens are best suited for long-term or shared integrations where access should stay the same regardless of user changes. You can set their permissions, which makes them ideal for stable, system-level connections.
User API tokens are suitable for one-off tasks, personal workflows, or scenarios where access needs to reflect a specific user's permissions or group and site memberships.
Choosing the correct token type ensures your integration runs smoothly while matching your organization's security and access needs.
Functionality | Service user API token | User API token |
|---|---|---|
Ownership | Created for a service user (system-based or integration-focused) | Created by an individual user |
Login | Cannot be used to log in | Can be used to log in |
Permissions | Assigned for each service user | Inherits the user’s permission set |
Group and site access control | Not supported | Inherits access from the user |
Integrations | Designed for long-term or shared integrations | Suited for short-term or personal use |
Token stability | Not affected by user changes | Will expire if user is deactivated or exits the organization |
Activity logs | Shows the service user name | Shows the individual user’s name |
Visibility | Not shown in the user list | Visible in user settings |
Billing | Does not count toward seat billing | Counts toward assigned user seat |
Each user can create up to 10 active user API tokens. Whereas, each organization can have up to 20 active service user tokens.
If you belong to multiple organizations, you need to create separate API tokens for your integrations. This applies to both service user and user API tokens.
What you'll need
User API tokens expire after 30 days of inactivity. Expired tokens will stop your integrations from working until you generate a new one.
If your organization uses single sign-on (SSO) and does not allow non-SSO logins, you may not be prompted to enter a password when you generate a new user API token.
Generate a user API token
Click your username on the lower-left corner of the page and select My Profile.
Click
Settings on the upper-right of the page.Select API tokens on the upper-right of the page.
Click Generate API token.
In the pop-up window, enter a user API token name and your account's password.
Click Generate.
Click the user API token to copy it. Save the token securely before closing the window.
Revoke a user API token
Click your username on the lower-left corner of the page and select My Profile.
Click
Settings on the upper-right of the page.Select API tokens on the upper-right of the page.
Click
Revoke on the token's right-hand side.In the pop-up window, click Revoke.
Frequently asked questions
It depends on how your integration is set up.
For custom-built integrations (such as Workato, scripts, or direct API calls using a service user or user API token): Yes. Regenerating the token will break the integration until the replacement token is manually updated in your integration settings.
For built-in SafetyCulture integrations (such as Power BI, Microsoft Teams, or SharePoint): No. These integrations use system-managed tokens, so revoking or regenerating your API tokens will not affect them.
Revoking a service user API token immediately stops it from working, but you can still regenerate it later. This is helpful if you want to pause an integration temporarily without removing the token entirely.
Deleting a service user API token permanently removes it from your organization. You can only delete a token after revoking it. Once deleted, the token can't be recovered or regenerated, so you'll need to create a new one if you want to reconnect the integration.
Was this page helpful?
Thank you for letting us know.