> ## Documentation Index
> Fetch the complete documentation index at: https://docs.screenshotly.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Managing Tokens

> Learn how to manage your API tokens effectively

# Managing Tokens

This guide will help you manage your API tokens effectively and securely.

## Token Best Practices

### 1. Use Different Tokens for Different Environments

Create separate tokens for development, staging, and production:

```typescript theme={null}
// Development environment
const devToken = 'scr_dev_1234567890';

// Staging environment
const stagingToken = 'scr_staging_1234567890';

// Production environment
const prodToken = 'scr_prod_1234567890';
```

### 2. Store Tokens Securely

Never hardcode tokens in your code. Use environment variables or secure configuration management:

```typescript theme={null}
// .env file
SCREENSHOTLY_API_TOKEN=your_token_here

// Code
const apiToken = process.env.SCREENSHOTLY_API_TOKEN;
if (!apiToken) {
  throw new Error('API token not configured');
}
```

### 3. Rotate Tokens Regularly

Generate new tokens periodically and phase out old ones:

```typescript theme={null}
async function rotateToken() {
  // Generate new token
  const response = await fetch('https://api.screenshotly.app/api/keys/generate', {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${currentToken}`,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({
      name: 'Production Token',
      expiresIn: 30, // 30 days
    }),
  });

  const { apiKey } = await response.json();

  // Update your configuration with the new token
  // Then phase out the old token after ensuring the new one works
}
```

### 4. Monitor Token Usage

Regularly check token usage and watch for unusual patterns:

```typescript theme={null}
async function checkTokenUsage() {
  const response = await fetch('https://api.screenshotly.app/api/keys', {
    headers: {
      'Authorization': `Bearer ${apiToken}`,
    },
  });

  const { keys } = await response.json();
  const token = keys[0];

  console.log('Token Usage:', {
    requests: token.usageCount,
    lastUsed: token.lastUsedAt,
    status: token.status,
  });
}
```

## Token Management Through Dashboard

### Creating Tokens

1. Navigate to the [API Tokens](/dashboard/tokens) page
2. Click "Generate New Token"
3. Enter a descriptive name
4. Set an expiration date
5. Copy and securely store the token

### Revoking Tokens

If a token is compromised:

1. Navigate to [API Tokens](/dashboard/tokens)
2. Find the compromised token
3. Click the "Revoke" button
4. Generate a new token to replace it

## Token Management Through API

### Generating Tokens

```typescript theme={null}
async function generateToken() {
  const response = await fetch('https://api.screenshotly.app/api/keys/generate', {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${apiToken}`,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({
      name: 'API Token',
      expiresIn: 30, // Days until expiration
    }),
  });

  const { apiKey, expiresAt } = await response.json();
  return { apiKey, expiresAt };
}
```

### Listing Tokens

```typescript theme={null}
async function listTokens() {
  const response = await fetch('https://api.screenshotly.app/api/keys', {
    headers: {
      'Authorization': `Bearer ${apiToken}`,
    },
  });

  const { keys } = await response.json();
  return keys;
}
```

### Revoking Tokens

```typescript theme={null}
async function revokeToken(tokenId: string) {
  const response = await fetch(`https://api.screenshotly.app/api/keys?id=${tokenId}`, {
    method: 'DELETE',
    headers: {
      'Authorization': `Bearer ${apiToken}`,
    },
  });

  if (!response.ok) {
    throw new Error('Failed to revoke token');
  }
}
```

## Error Handling

Implement proper error handling for token management:

```typescript theme={null}
async function handleTokenOperations() {
  try {
    // Try to use the token
    const response = await fetch('https://api.screenshotly.app/screenshot', {
      method: 'POST',
      headers: {
        'Authorization': `Bearer ${apiToken}`,
        'Content-Type': 'application/json',
      },
      body: JSON.stringify({
        url: 'https://example.com',
      }),
    });

    if (response.status === 401) {
      // Token is invalid or expired
      await handleTokenRefresh();
    } else if (response.status === 429) {
      // Rate limit exceeded
      await handleRateLimitExceeded();
    }
  } catch (error) {
    console.error('Token operation failed:', error);
  }
}

async function handleTokenRefresh() {
  // Generate a new token
  const { apiKey } = await generateToken();
  
  // Update your configuration
  await updateTokenConfiguration(apiKey);
}

async function handleRateLimitExceeded() {
  // Wait for rate limit reset or use a different token
  const response = await fetch('https://api.screenshotly.app/api/keys', {
    headers: {
      'Authorization': `Bearer ${apiToken}`,
    },
  });

  const { keys } = await response.json();
  const resetTime = new Date(keys[0].rateLimit.reset);
  
  console.log(`Rate limit will reset at: ${resetTime}`);
}
```

## Security Checklist

✅ Use environment variables for token storage\
✅ Rotate tokens regularly (every 30-90 days)\
✅ Monitor token usage for suspicious activity\
✅ Use different tokens for different environments\
✅ Implement proper error handling\
✅ Have a token rotation strategy\
✅ Keep tokens out of version control\
✅ Revoke compromised tokens immediately

## Next Steps

* Learn about [rate limiting](/introduction/authentication#rate-limits)
* Explore the [Tokens API reference](/api/tokens)
* Check out our [security best practices](/guides/security)
