The token_auth acts as your password and is used to authenticate in API requests.

Security considerations

The token_auth is secret and should be handled very carefully: do not share it with anyone. Each Matomo user has a different token_auth.

Matomo 4 and newer

To generate a token_auth follow these steps:

  • Log in to Matomo
  • Go to the Matomo Admin through the top menu
  • Click on Personal -> Security
  • In the bottom of the page click on “Create new token”
  • Confirm your account password
  • Enter the purpose for this plugin as a description
  • Click on “Create new token”

You will now see the newly created token. Save it somewhere safe as you won’t be able to see it anymore once you leave that screen. For example in a password manager. If you lose it, you will need to generate a new token.

We recommend you create a new token for every app or purpose. This way, you can easily delete or regenerate the token for specific purposes and see which ones are still being used etc.

Matomo 3 and older

You can find the token_auth by logging in Matomo (Piwik), then click on Administration in the top menu, then click the link “API” in the left menu.

The token_auth value can be re-generated on request by any user under Administration > Personal Settings.