API tokens enable access to the Orbit API. There are two types of token available for use; user and workspace, below we break down the differences.
API tokens are used to authenticate requests made to the Orbit API. Orbit offers two different types of token that can be used:
- User API Token
- Workspace API Tokens
There are no differences between the tokens in terms of what they are able to access and the types of requests they can make, but depending on your use case, one might be more suitable than the other.
User API Tokens
The User API token can be considered your personal API token. It is unique to you, tied directly to your personal Orbit account, and you only have one token.
- You can find your API tokens on the Account Settings page.
- These tokens are associated to your user account, activity via the API that uses this token will be attributed to you.
Workspace API Tokens
Workspace API tokens are connected at the workspace level, they are not related to specific users. They can be found on your Workspace Settings page (Workspace Owners only, if you require a Workspace API Token ask a workspace owner to create one for you).
- These tokens are associated with your workspace.
- Activity via the API that uses these tokens will be attributed to the name you give the token when it is created.
- You can set up as many Workspace API tokens as you need, this helps to split up different services and allow for greater security.
- Only Orbit workspace owners can access and create new Workspace API tokens
Which token type to use
There is no wrong type of token, however one may be more suitable than the other so which one you choose depends on your use case.
A good example would be if an external service is going to be using the Orbit API on behalf of you, a user, then your personal token would be suitable for this. Examples of this would be if you integrated personal productivity apps such as Calendly, with Orbit.
Workspace API Tokens would be a better choice If you are creating a bot, using Zapier, or a service that multiple users have access to. You can set a new Workspace API Token up for every API integration you create, and have central control over revocation and regeneration of the token because any of the Workspace Owners can see, edit or revoke the token if needed.
There is no difference in API functionality regardless of what token you use.