# Creating an API key **It’s important to remember that the token is exactly the same as giving someone your email and password. They will have access to act on behalf of you, be careful who you share your token to.** Creating an API key allows you to obtain access to the platform without having to login through the Swift Labs web application. The API key can be used to add and modify athlete and squad information and pull athlete activity data as well as additional administration functions. **Creating the Key** Navigating to your organisation settings and clicking on the last tab within the organisation settings will take you to your API keys for your organisation. [![](http://swiftmedika.com/wp-content/uploads/2019/02/Image-1-1024x564.png)](http://swiftmedika.com/wp-content/uploads/2019/02/Image-1.png)Organisation API Keys Clicking on the “Add Key” will take you to create a new API Key. To create a new key, three components are required, including; the token name, expiry and token scopes. By default the token expiry is set to the maximum of three months and must be manually renewed once the token has expired. [![](http://swiftmedika.com/wp-content/uploads/2019/02/Image-2-1024x564.png)](http://swiftmedika.com/wp-content/uploads/2019/02/Image-2.png)Creating an API Key[![](http://swiftmedika.com/wp-content/uploads/2019/02/Image-3-1024x564.png)](http://swiftmedika.com/wp-content/uploads/2019/02/Image-3.png)API Token **Token Scopes** Token scopes restrict the amount of functionality the token has with the account. Selecting the ***athletes:read*** token will prevent the token from being able to create or remove an athlete. This gives you fine grain control over the amount of functionality and access the token has. Using the table below, you should determine the level of access required. | Scope | Description | | ---------------------------------- | ------------------------------------------------------------ | | coaches:read | Read coaches for your organisation. | |

athletes:read

| Read the athletes of your organisation. | |

athletes:create

| Create athletes for your organisation. | | athletes:update | Update athletes for your organisation. | |

athletes:remove

| Remove athletes for your organisation. | | squads:read | Read the squads for your organisation. | | squads:create | Create squads for your organisation. | | squads:update | Update squads for your organisation. | | squads:remove | Remove squads for your organisation. | | squads:athletes | List the athletes that are members of the squad. | | squads:coaches | List the coaches that are members of the squad | | squads:add\_coaches | Add coaches to the squad. | | squads:add\_athletes | Add athletes to the squad. | |

squads:remove\_coaches

| Remove coaches from the squad. | |

squads:remove\_athletes

| Remove athletes from the squad. | | activity:read | Read activities of an athlete, acthlete:read also required. | |

activity:remove

| Remove activities of an athlete, athlete:read also required. | |

org:read

| Read your organisation details. | |

org:write

| Update your organisation details. | |

org:users\_read

| Read the users for your organisation. | |

org:users\_update

| Update the users for your organisation. | |

org:users\_remove

| Remove users from your organisation. | |

user:read

| Read your user profile. | | user:write | Update your user profile. | **Using your token** Using an application like [Postman](https://getpostman.com/) is an ideal way to test your API key. Appending the token you just generated with the *Authorization* header, will authorise the requests so long as the token has not expired and has the required scopes. ``` Authorization: JndHI3iPWR3n6oeMKyOeB1BAs4kbobfchkvakZG9b4sTuSZSr3kjBb3eZA5EjADt3XwP6SGmK0qibs82jIlb3w== ``` [![](http://swiftmedika.com/wp-content/uploads/2019/02/Image-4-1024x564.png)](http://swiftmedika.com/wp-content/uploads/2019/02/Image-4.png)Athletes API request. **Additional Information** Additional information on the API requests available can be found within our API documentation here. **Common errors to look out for:** An invalid token will generate the following error. ``` { "Message": "Unable to authorize user."} ``` A token without the required scope will through this error detailing the required scope for the request. ``` { "Message": "Unable to authorize token, could not find scope athletes:read."} ``` And remember **It’s important to remember that the token is exactly the same as giving someone your email and password. They will have access to act on behalf of you, be careful who you share your token to.** Was this article helpful? [Like ](broken://pages/WSNRGCpgdfEIEmW6Umiq)[Dislike 0](broken://pages/WSNRGCpgdfEIEmW6Umiq) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.swiftperformance.com/swift-docs/product-manuals/labs/creating-an-api-key.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.