> ## Documentation Index > Fetch the complete documentation index at: https://docs.monime.io/llms.txt > Use this file to discover all available pages before exploring further. # Personal Access Tokens > Generate and manage secure access tokens for Monime API integration ## Overview To programmatically interact with your Monime Spaces, you need **Access Tokens** (API Keys). These tokens authenticate your applications and grant permission to perform actions across all Monime Spaces associated with your Monimeer account. **Security Critical**: Treat your Access Tokens like passwords. Never share them publicly, commit them to code repositories, or expose them on the client-side of applications. ## Accessing the Developer Portal Navigate to [my.monime.io](https://my.monime.io) and log in with your Monimeer credentials From the left sidebar navigation, click on **Developer** You'll see a list of all your Monime Spaces with their unique **Space IDs** (e.g., `spc_xxxxxxxxx`) In the Developer Portal sidebar, click on **Access Tokens** This page shows all your existing tokens, their status (ACTIVE, EXPIRED), and creation dates ## Creating a New Access Token Click the **Create token** button at the top right of the Access Tokens page A full-screen configuration dialog will appear Fill out the token configuration form with the following details: ### Token Configuration Options **Purpose**: A descriptive label to identify this token's purpose **Examples**: * "Main Website Integration" * "Mobile App v2" * "Inventory Sync Script" Use meaningful names to easily identify tokens later {" "} **Purpose**: Defines how long the token remains active (security best practice) **Options**: - **2 Months**: Short-term projects or testing - **1 Year**: Production applications - **Custom**: Set a specific future expiration date - **No Expiry**: Indefinite access (use with caution) Tokens without expiry dates pose higher security risks if compromised {" "} **Purpose**: Specifies which API version this token targets Select your preferred API version from the dropdown (e.g., "v1.0.0", "v2.1.0") For more information on API versions, visit our [API Versioning documentation](/developer-resources/api-versioning) {" "} **Purpose**: Toggle between test and production environments **When Test Mode is ON**: - Expiry date defaults to 2 months (non-editable) - Whitelist options are disabled - Token prefix: `mon_test_` - Only processes simulated transactions **When Test Mode is OFF**: - Full configuration options available * Token prefix: `mon_` - Processes real money transactions {" "} **Purpose**: Restricts token access to a specific Monime Space Use the combobox to search and select a specific Space by name or ID This adds an extra security layer by preventing accidental cross-Space operations {" "} **Purpose**: Limits token usage to specific IP addresses **Examples**: - Single IP: `203.0.113.45` - CIDR range: `203.0.113.0/24` Ensure your production servers' IP addresses are included to avoid access issues {" "} **Purpose**: Filter API services to manage permissions more easily Choose from available services: - Payments - Payouts - Customers - Analytics - And more... This selection affects the available roles in the next section **Purpose**: Define specific actions the token can perform **Implementation of Least Privilege**: * Only grant permissions your application actually needs * Selected roles appear as removable "pills" or "tags" * Different services have different available roles **Common Role Examples**: * `payments:read` - View payment information * `payments:write` - Create new payments * `customers:read` - Access customer data * `payouts:write` - Initiate payouts ### Finalize Token Creation After configuring all settings, click the **Create** button to generate your token. ## Securing Your New Token **One-Time Display**: Your token will be shown only once. If you close the dialog without copying it, you'll need to generate a new token. When the token dialog appears, immediately click the **Copy** button The token will look like: - Test: `mon_test_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX` - Live: `mon_YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY` Save your token in a secure location: - Environment variables - Secrets manager (AWS Secrets Manager, Azure Key Vault, etc.) - Encrypted configuration files - Password vault * Environment variables - Secrets management services - Encrypted configuration - Server-side only * Hardcoded in source code - Public repositories - Client-side code - Plain text files ## Token Types & Environments ### Test Tokens **Prefix**: `mon_test_` **Purpose**: Development and testing with simulated transactions **Limitations**: 2-month expiry, no whitelist options ### Live Tokens **Prefix**: `mon_` **Purpose**: Production environment with real money transactions **Full Features**: All configuration options available ## Managing Existing Tokens From the Access Tokens page, you can: See name, creation date, expiry, and status of all tokens Immediately invalidate compromised or unused tokens Track API calls and usage patterns Replace tokens regularly for security ## Security Best Practices * Regularly rotate tokens (every 3-6 months) * Replace tokens immediately if compromised * Use expiry dates appropriate for your use case {" "} * Grant minimum necessary permissions - Use Space whitelisting when possible - Implement IP address restrictions - Monitor token usage patterns {" "} * Never commit tokens to version control - Use environment variables or secrets managers - Encrypt tokens at rest - Audit access to token storage * Keep tokens server-side only * Use HTTPS for all API calls * Implement proper error handling * Log security events ## Next Steps Once you have your Access Token, you're ready to start integrating with Monime's APIs! Tools, documentation, and references to support your development work. Explore our comprehensive API documentation Use our official SDKs for faster development Test your integration in our sandbox