Authentication and API token creation

Lexer APIs leverage bearer tokens as a primary form of authentication. Tokens can be generated from within the Lexer Hub. This article will run through the process of creating an Activity Token and a Profile Read Token. 

API Type is an important parameter when developing a token, make sure you select the right type. 

The tokens: 

  1. Activity: Currently a multi purpose API token that allows you to do a number of things. It has a focus on Respond and reporting, you can find out more about our Activity API here. 
  2. Profile Read: Allows users to read profile data from the CDP and utilize this data externally. This API type is very singular in purpose, you can read more about the Profile Read API here. 

Create an “Activity” API token

This versatile token is your key to a range of functionalities, with a special emphasis on Respond and Reporting. If you'd like to explore the specifics of our Activity API, you can find detailed information right here.

To create an API token within the Hub, navigate to Manage > Integrations

1. Click on the API Tokens tile. 

2. Once open, click on New API Token

3. Fill out the details in the API Token Settings selecting Activity. 

4. Agree to the terms and conditions, and Save

Once you provide a description and click Save, the token will be made visible to you. Save the token by copy and pasting it somewhere secure.

Ensure you save the token at this point because it cannot be viewed again.

Once you have completed these steps you can open the token settings again to find some additional details and some customisation options. You will notice the key itself is no longer visible, it is replaced with “API Tokens can only be viewed when they are first created” shown in the screenshot below. 

Create an “Profile Read” API token

These specialized tokens have one clear mission: enabling users to access and utilize profile data within our CDP externally. If you want to explore the finer details of the Profile Read API, check out the dedicated information here.

This process is pretty similar to the Activity token. To get started navigate to Manage > Integrations

1. Click on the API Tokens tile. 

2. Once open, click on New API Token

3. Fill out the details in the API Token Settings selecting Profile Read. The Profile Read API token requires a bit more set up. 

  • Select the attributes you would like to expose through the API.
  • Select which attributes you want to link. Clicking on “Custom” will allow you to search for the attribute you would like to use as your linking attribute. 
  • Lastly, select which IP’s to whitelist, you will need to select at least one IP to whitelist. 

4. Agree to the terms and conditions, and Save

Once you provide a description and click Save, the token will be made visible to you. Save the token by copy and pasting it somewhere secure.

Ensure you save the token at this point because it cannot be viewed again.

Once you have completed these steps you can open the token again to find some additional details and some customisation options. You will notice the key itself is no longer visible, it is replaced with “API Tokens can only be viewed when they are first created”. 

Editing API token settings 

Made a mistake or want to update some details? not to worry, follow these steps: 

  1. Click on the API you want to edit. 
  2. Select the “Details” tab. 
  1. Once you've updated the details, hit the "Save" button.

Token reset

You can reset your API within the API Token settings. Directly beneath the Key itself, once saved, there will be a button to “Reset API Token”. Be careful with this, as soon as you reset the token, anything using it will require the new token. 

Please note: 

  • Your account can have up to 5 active API tokens.
  • Certain rate limits are applied to API keys to manage traffic efficiently. It may be increased depending on your use cases. Please your Success Manager to discuss it further. Error 429 will indicate an exceeded rate limit. 

We recommend creating API tokens for each unique use. Each token can be scoped for specific types of activity and revoked at any time to limit access to the APIs and underlying data in the Lexer CDXP.

All APIs have the option for IP Whitelisting as a secondary layer of security, some APIs, like Profile Read API, have a mandatory requirement for an IP Whitelist.

That’s a wrap on Authentication

In this article we discussed the types of token, the use for each token and the process of setting these tokens up for use. For more information about where you might require these tokens you can read through our API documentation here

Updated:
October 11, 2023
Did this page help you?
Thank you! Your feedback has been received!
Oops! Something went wrong while submitting the form, for assistance please contact support@lexer.io