# API Access

Control which third-party services can connect to your finance data by issuing secure API tokens.

## Generate Client Tokens

* Click **Generate token** to create a new credential for a partner or internal tool.
* Each token grants access to the client API immediately after creation.
* Regenerating a token revokes the previous key, ensuring that lost or compromised credentials cannot be reused.

## Share Tokens Securely

* Distribute tokens through encrypted channels only—never paste them into public chats or emails.
* Store a copy in your internal password manager so authorized team members can retrieve it later.

## Token List

When no tokens exist, the page displays the empty state message **“No token yet”** along with a reminder to generate your first key. Once tokens are created, the table includes:

* **Reusable token** indicator so you know which credentials power ongoing integrations.
* **Current API key** showing the masked value of each token.
* Controls to revoke or regenerate keys if access should be withdrawn.

## Best Practices

* Rotate keys periodically, especially after staff changes.
* Revoke tokens immediately when an integration is no longer needed.
* Combine API access with user-level permissions to limit the data exposed to third parties.