What is the token_auth and where can I find this token to use in the API calls?

Cloud On-Premise

The token_auth acts as your password and is used to authenticate in API requests.

Security considerations

The token_auth is secret and should be handled very carefully: do not share it with anyone. Each Matomo user has a different token_auth.

From Matomo 5 it is possible to create tokens that can only be used in a secure way (via POST requests) and will not be valid when used as a URL parameter for a GET request. It is recommended to create ‘Secure only’ tokens to improve security. Read more about token behaviour with GET vs POST requests.

Matomo 4 and newer

To generate a token_auth follow these steps:

  • Log in to Matomo.
  • Go to Administration Settings Cog Icon > Personal > Security.
  • At the bottom of the page, click on Create new token.
  • Confirm your account password.
  • Enter the purpose for this token.
  • Choose if the token should only be valid for secure requests (Matomo 5 and newer).
  • Click on Create new token.

You will now see the newly created token. Save it somewhere safe as you won’t be able to see it anymore once you leave that screen. For example, save it in a password manager. If you lose it, you will need to generate a new token.

We recommend you create a new token for every app or purpose. This way, you can easily delete or regenerate the token for specific purposes and see which ones are still being used etc.

Matomo 3 and older

You can find the token_auth by logging into Matomo and navigating to Administration Settings Cog Icon in the top menu, then click the link API” in the left menu.

The token_auth value can be re-generated on request by any user in Administration Settings Cog Icon > Personal Settings.

Matomo for WordPress

From version 5.3.0, Matomo for WordPress also supports the standard Matomo HTTP API, making it possible to connect with external tools like the Matomo mobile app and Looker Studio.

Previous FAQ: How do I find the website ID, also called idSite or Site ID?