Generate API tokens and subscribe webhooks

API tokens are required to use Loop APIs for security and authentication purposes. Tokens can be accessed and created by users who have the

Handle API tokens with care: API tokens are sensitive credentials. Only share them with trusted partners to avoid potential data and privacy breaches. If you suspect that your token has been compromised or lost, immediately delete the token and contact the Loop team for further assistance.
Review token scopes carefully: Be mindful of the scopes assigned to each token. Assign only the necessary scopes required for the integration or use case to minimize access and reduce security risks.
Create specific tokens for third-party integrations: When building an integration with a third party, we recommend generating a new API token with a name specific to that integration. This will help you track the calls made by the integration and ensure that only the required scopes are assigned.
Keep token usage secure: Store your tokens in a secure environment, such as environment variables or a secure vault, to prevent unauthorized access. Avoid hardcoding tokens in source code repositories.
Audit token usage regularly: Regularly review the tokens you’ve created and ensure they are being used as intended. Revoke tokens that are no longer in use or that no longer meet security or functional requirements.This helps mitigate security risks by reducing the potential attack surface.

Open the Loop app and navigate to Settings in the bottom left corner.
Under the Admin category, click on API Tokens. This will display the list of existing tokens.
To generate a new token, click on Generate New Token.
Provide a name for the token, select the appropriate token scope, and click Generate Token.
The new token will be generated and displayed immediately on the page.
To view the token, click Show Token. It’s important to keep the token confidential and avoid sharing it with unauthorized users to prevent potential data breaches.
If you need to modify the token scope, click Edit and make the required changes.
If a token is accidentally shared, click Remove Token to revoke it.

Use the subscribe webhook endpoint to subscribe to webhooks. Link to the endpoint here.
1. In the request body, provide the topic name and the URL where the webhook will be received.
Include the API token in the request to authorize the use of this endpoint.
Send the request to the endpoint to complete the subscription.
To view a list of subscribed webhooks, use the List webhook endpoint for a specific subscription. Link to the endpoint here.

Use the List webhook endpoint to retrieve the list of subscribed webhooks . Link to the endpoint here.
In the response payload, copy the ID of the webhook you wish to unsubscribe from.
To unsubscribe from a specific webhook, use the Unsubscribe webhook endpoint. Link to the endpoint here.
1. Pass the webhook ID obtained in Step 2 as a path parameter.

If you need to replace or rotate your API token, follow these steps: