This article explains how to generate and manage API tokens within First Due, which are essential for establishing secure connections between First Due and external systems. API tokens enable automated data exchange, third-party integrations, and custom applications to interact with your First Due instance while maintaining proper security controls through role-based permissions.
API tokens serve as secure authentication keys that allow external systems to communicate with First Due's database and functionality. Each token is unique to a specific user and automatically expires after one year to maintain security standards. The token works in conjunction with role-based permissions to control what data and endpoints can be accessed. This dual-layer security approach ensures that integrations can only perform actions that the associated user account is authorized to complete within the platform.
To generate and manage API tokens, users need:
Navigate to User Menu
Open Token Management
Create New Token
Manage Your Token
Token Management:
Security Considerations:
Permission Planning:
Q: My API calls are returning permission errors even though I have a valid token. A: Check the role-based permissions for your user account. API tokens only authenticate your identity; actual data access is controlled through permission objects in the Role configuration. Contact your administrator or Client Success team to review API permission settings.
Q: How do I know when my API token will expire? A: Tokens automatically expire one year from generation. Check the API Token tab in your User Profile to view the expiration date, or maintain your own tracking system with renewal reminders.
Q: Can multiple users have API tokens for the same agency? A: Yes, but this creates management complexity. It's recommended to use a single designated API user account to simplify token tracking and renewal processes.
Q: What happens if my token expires during an active integration? A: All API calls will begin failing immediately. Plan token renewals well in advance and update all systems using the expired token with the new authentication key.
Q: Where can I find documentation about available API endpoints? A: Refer to the API documentation link, which lists supported endpoints and required permissions. Contact Client Success or your Implementation Manager if you need access or have questions about specific functionality.