Manage asset management API tokens

All API tokens are managed through the API manager, which you can access through System Management  Asset Management API Manager. You create tokens beneath this management asset and link the tokens to other root asset nodes you want to access using headless mode.

As a system administrator, you can control what parts of the asset tree the API can access, and what permission restrictions each API should inherit based on the user profile selected.

API token field reference

The following fields let you configure what access the API has to your site.


Lets you enable or disable this token. If you disable the token, any integrations you have set up using this token will be unavailable.

Requests sent while the token is disabled return a HTTP 401 Unauthorized error when returned in an API request.


The name of the asset displayed in the asset tree. You set this name when you create the token asset.

You can change the name without affecting access to the API endpoint: the asset name is purely to help you locate it in the asset tree.


The API token you use in requests for this asset management API integration. The token is a unique value, and can not be changed.


Select the user to base the permissions of the token against. You can choose any user account type to base the permissions on, depending on the requirements of your API integration.

If you do not select a user, the API returns an HTTP 401 Unauthorized error.

You can also set Root node restrictions to explicitly control what parts of your site are accessible to the API endpoint, in addition to inherited user permissions.

Root node restrictions

Select the root node (or nodes) you want to explicitly grant access to through the API integration, in line with the inherited permissions of the selected user.

If you do not set root node restrictions, the permissions of the selected User determine what assets and resources are available through the API.

Requesting a resource that is not under a restricted root node results in an HTTP 403 Forbidden response being returned.

How to create an asset management API token

Read Create a token to find out how to create an asset management API token.