# How can I get my Discloud API token? ## 🔑 What is the Discloud API Token? Your **Discloud API Token** is a **personal, secret credential** that authenticates you to all Discloud developer surfaces: * [**REST API requests**](https://docs.discloud.com/en/api-and-integrations/api-overview) * [**Official CLI**](https://docs.discloud.com/en/how-to-host-using/cli) * [**VS Code Extension**](https://docs.discloud.com/en/how-to-host-using/visual-studio-code) * **SDK / Libraries** (e.g. [npm](https://docs.discloud.com/en/sdks-and-libraries/npm-library), [Python](https://docs.discloud.com/en/sdks-and-libraries/python-library)) It uniquely identifies your account, so **anyone with this token can act as you**. Treat it like a password. *** ## 📍 Where to Get It Follow these steps to view (or copy) your token on the Dashboard: {% stepper %} {% step %} Open the Dashboard: {% endstep %} {% step %} Click the **API Key** tab (top section of your profile area).

{% endstep %} {% step %} Use the **Copy** button to place the token on your clipboard. {% endstep %} {% endstepper %} > If the field is hidden, click the **eye icon** to reveal it. Use **Reset Token** only if you suspect compromise. *** ## 🔒 Security Best Practices | Practice | Why | | ------------------------------------------- | --------------------------------- | | Keep it private (never share or screenshot) | Prevent account takeover | | Do NOT commit to Git | Public repos are scanned by bots | | Use environment variables / secret managers | Centralized rotation & safer logs | | Rotate (Reset Token) if exposed | Immediately invalidates old token | {% hint style="warning" %} If you accidentally publish or paste your token somewhere public, **reset it immediately** on the Dashboard (API Key tab) and redeploy any services using the old one. {% endhint %}