Skip to main content
This guide explains how to create, manage, and use API tokens to securely connect external applications and AI assistants to your Graphor flows.

Overview

API tokens provide secure authentication for programmatic access to your Graphor projects and flows. They are essential for:
  • Connecting applications to your RAG pipelines via REST API
  • Integrating with AI assistants through MCP Server
  • Automating processes with Graphor resources
  • Building custom integrations with your existing tools

Creating API Tokens

To create a new API token:
  1. Navigate to your project in Graphor
  2. Click on API Tokens in the left sidebar
  3. Click the Create New Token button
  4. Enter a descriptive name for your token (e.g., “Production REST API” or “Claude Integration”)
  5. Click Create
  6. Important: Copy your token immediately and store it securely. For security reasons, the full token will only be displayed once.

Managing Tokens

The API Tokens page provides several management capabilities:

Revoking Tokens

To revoke a token that is no longer needed or may be compromised:
  1. Navigate to the API Tokens page
  2. Find the token you want to revoke
  3. Click the Delete icon next to the token
  4. Confirm the revocation
Once revoked, a token cannot be restored. Any services using the token will immediately lose access to your Graphor resources.

Token Security Best Practices

API tokens provide access to your Graphor resources, so it’s important to handle them securely:

Storage

  • Never store tokens in public repositories or client-side code
  • Use environment variables or secure secret management systems
  • For development environments, consider using .env files (excluded from version control)

Distribution

  • Share tokens securely with team members who need access
  • Use encrypted channels for token distribution

Rotation

  • Regularly rotate tokens used in production systems
  • Immediately revoke tokens when team members leave or roles change
  • Create new tokens rather than sharing existing ones for new integrations

Troubleshooting Token Issues

Solutions:
  • Verify you’re using the full token string
  • Check that the token hasn’t been revoked
  • Confirm you’re using the correct Authorization format
Solutions:
  • Verify the token is assigned to the correct project
  • Ensure the resources you’re accessing exist
  • Create a new token with appropriate permissions if needed
Solutions:
  • Immediately revoke any potentially compromised tokens
  • Create new tokens with fresh credentials
  • Update security practices for token storage

Next Steps

After setting up your API tokens, explore:

Upload Source

Start by ingesting documents from files, URLs, GitHub, and YouTube

Chat with Documents

Ask natural language questions about your documents with conversational memory and structured outputs

Extract Structured Data

Extract structured information from documents using custom schemas and natural language instructions

RAG Pipelines Overview

Master comprehensive RAG pipeline and node management