These keys are used to authenticate incoming requests to the Tatou RESTful API. Every request must have a valid API key (also referred to as a token) to be accepted.
...
Creating an API
...
key (
...
token)
Open Tātou Office and navigate to your Organisation settings (found under Account → Organisation → Settings).
You will see a list of any existing tokenskeys, and when they were last used.
Create a new token key with Generate new token button.
Copy the generated tokenkey. You will not be able to retrieve this later, so make sure you save this somewhere safe.
Staying secure
Protect your API keys even more than you would a password. Any person or software with access to one of your API keys will have administrator-level access to your entire Organisation.
We monitor unusual behaviour, but it is your responsibility to protect your login credentials. This includes your usernames, passwords, multi-factor login devices and API keys.
If you feel that
...
an API key has been compromised, you can delete these tokens at any time to immediately invalidate them.