The API token section of your Profile page displays your API token and also allows you to change or revoke it, if necessary.
Your API token allows you to authenticate against the API, and/or third-party tools that access your Tracker projects via the API.
If you don’t yet have a token, or would like to generate a new one, click Create New Token. (Creating a new token will replace and deactivate your existing token.) You can also deactivate your existing token by clicking Remove Token. If a member is removed from a project, their API token will no longer authenticate against that project.
Your API token allows access to data in all projects of which you are a member. It should be kept private, like any other credentials. If you’re writing a script or program that accesses the API, do not pass the token in cleartext (use HTTPS exclusively), and do not embed your token with your code if that code is visible to others. This is especially important with JavaScript, since JavaScript code is visible to anyone that has access to the page it’s running on. If you suspect that your API token has been compromised, remove or replace it.