Documentation
API ReferenceChangelogFAQDashboard

App tokens

Explore Sumsub app tokens for secure API access.

An app token is a unique key that allows you to securely interact with the Sumsub API and sign your API calls. With Sumsub app tokens, you can configure permissions to control which API calls can be made using them. The app tokens enables you to perform various actions such as creating applicants, uploading documents, monitoring verification statuses, and so on through our API. Additionally, app tokens do not have an expiration period, so you have unlimited access to the Sumsub API within the permissions set for each created app token.

Generate app token

To generate a token:

  1. In the Dashboard, open Dev space, go to the App Tokens page, and click Generate app token.
  2. In the Name field, enter a preferred token name.
  3. In the Whitelisted IPs section, specify whether this token can be used from any IP address (default), or restrict its usage to specific trusted addresses, which you provide as a comma-separated list.
  4. [Optionally] From the Source keys from client drop-down list, choose a source key, if you have created it previously. In case there are no available source keys and you want the app token to have access only to a specific group of applicants, refer to this article to learn how to set one up.
  5. Set the Image watermarks checkbox to enable/disable adding the COPY watermark to images of applicant documents.
  6. Select permissions by setting corresponding checkboxes according to your preferences. Different permission types allow you to configure how you want to moderate, view, and manage your applicants’ verification or transactions. You can also click Select all to choose all permissions at once.
  7. Click Generate app token. Consider that once you create an app token, you cannot change the token’s settings.
  8. Save the token and secret key to a secure location, as they are displayed only once, and confirm it by clicking I’ve saved app token and key securely.

🚧

Important

  • To generate an app token that would be valid in Sandbox mode, switch to this mode as explained in this article. You may want to use Sandbox mode in cases where you are testing your integration and do not want to conduct real checks.
  • Each token is unique per mode in which it was created; you cannot use an app token in Production mode if this token was created in Sandbox, and vice versa.
  • The full-sized app token and secret key values are shown in the Dashboard only once — at the moment you create the token; make sure to save it to a secure location.

View and manage app tokens

  • Open the App Tokens section to view information about all the tokens created on your key, including their name, permissions, source key, and usage count.
  • To delete a token, click the trash bin icon next to the corresponding token.

Updated about 1 month ago