# API Tokens | Procurize.AI **Generate, manage, and use API tokens for secure programmatic access to your Procurize.AI workspace.** > **Applies to:** Procurize.AI Dashboard → Settings → Tokens > **Available on:** Business & Enterprise plans > **Required role:** Security Manager, Editor, Admin or Maintainer ## Overview API tokens enable secure, programmatic access to the Procurize.AI platform. You can use tokens to integrate Procurize.AI with your internal systems, automate workflows, or build custom applications on top of the platform. **Key characteristics:** - Tokens inherit **all permissions** of the user who created them - Tokens are **organization‑scoped** – no need to specify `org` in API calls - Unlimited tokens can be generated - Tokens can have **expiration dates** or be set to never expire - Tokens can be **deactivated** and later **reactivated** as needed > 🔒 **Security note:** Procurize.AI does **not** store the token value – only its hash. You must copy and save the token immediately after generation. It will not be shown again. ## Accessing the Token Management Panel 1. Navigate to the **Dashboard** → **API Tokens** page. 2. The token management panel displays your personal tokens associated with the current organization. ![API tokens page](/images/docs/api-tokens-page.png) > **Permission required:** Only users with **Security Manager**, **Editor**, **Admin** or **Maintainer** roles can access this panel. For detailed role definitions, see [Permissions Overview](/what-user-permissions-does-procurize-have/) . ## Generating a New Token 1. Enter a **Name** to identify the token's purpose. 2. Select an **expiration period**: - 1 month - 3 months - 1 year - **No expiration** (unlimited validity) 3. Click **"Generate"**. ### Important – Copy the Token Immediately After generation, the token value is **displayed once** – copy it and store it securely (e.g., in a password manager or environment variable). ![New API token](/images/docs/new-api-token.png) > ⚠️ **You will not be able to view the token value again.** Procurize.AI stores only a secure hash for verification. If you lose the token, you must revoke it and generate a new one. ## Managing Existing Tokens The Tokens panel displays a list of all generated tokens with their: - Name - Suffix - Creation date - Expiration date (or "-") - Status: **Active** or **Inactive** ### Deactivating / Reactivating a Token - **Deactivate** – temporarily disables the token. You can reactivate it later when needed. - **Reactivate** – restores a previously deactivated token to active status. > 💡 Deactivation is useful for temporarily suspending integrations without deleting the token. ### Revoking a Token - **Revoke** – permanently deletes the token. This action cannot be undone. - If you lose a token, revoke it immediately and generate a new one. ## Using an API Token ### Base URL & Authentication | Parameter | Value | |-----------|-------| | **Base URL** | `https://api.procurize.com` | | **Authentication method** | API key via header | | **Header** | `X-API-Key: ` | ### Example Request (cURL) ```bash curl -X GET "https://api.procurize.com/v1/documents" \ -H "X-API-Key: YOUR_API_TOKEN" ``` > 🧠 **No organization ID needed** – the token is bound to your organization, so the API resolves the context automatically. ## Important Security & Usage Rules | Rule | Explanation | |------|-------------| | **Token permissions** | The token has exactly the same permissions as the user who created it. If the user's role changes, the token's permissions update accordingly. | | **Organization binding** | Tokens are tied to the creator's organization. You cannot use a token across multiple organizations. | | **Token visibility** | The token value is shown **only once**. Store it immediately. Procurize.AI stores only a hash. | | **Expired tokens** | Expired tokens are automatically deactivated and cannot be used. Generate a new token if needed. | ## Troubleshooting | Issue | Solution | |-------|----------| | **"Invalid API key" error** | Check that the token is correctly copied (no extra spaces). Verify the token is still active and not expired. | | **Token not working after role change** | The token's permissions are updated to match the user's current role. If the user lost permissions, the token also loses them. | | **Lost token** | Revoke the lost token and generate a new one. | | **Rate limiting** | API rate limits apply based on your plan. Check the `X-RateLimit-*` headers in the response. | ## Related Topics - [Permissions Overview](/what-user-permissions-does-procurize-have/) – detailed role definitions - [Pricing Plans](https://www.procurize.ai/pricing/) – which plans include API access - [REST API Reference](/rest-api-reference/) – detailed endpoint documentation {{}}