Skip to main content
POST
/
v1
/
tokens
curl --request POST \
  --url 'https://toapis.com/v1/tokens' \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "name": "My New Token",
    "expired_time": -1,
    "remain_quota": 500000,
    "unlimited_quota": false
  }'

{
  "success": true,
  "message": "",
  "data": {
    "id": 123,
    "user_id": 456,
    "key": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "status": 1,
    "name": "My New Token",
    "created_time": 1738483200,
    "accessed_time": 1738483200,
    "expired_time": -1,
    "remain_quota": 500000,
    "unlimited_quota": false,
    "used_quota": 0,
    "model_limits_enabled": false,
    "model_limits": "",
    "group": "",
    "cross_group_retry": false
  }
}
  • Create a new API token via API
  • Customize token name and expiration time
  • Configure quota limits and model restrictions
  • Token key is only returned once upon creation
Security NoticePlease securely store the returned token key (key field). It is only displayed once upon creation and cannot be retrieved later.

Authorizations

Authorization
string
required
All endpoints require Bearer Token authenticationGet your API Key:Visit the API Key Management Page to get your API KeyAdd it to the request header:
Authorization: Bearer YOUR_API_KEY

Body

name
string
required
Token name, maximum 50 charactersExample: "My New Token"
expired_time
integer
default:"-1"
Token expiration time (Unix timestamp in seconds)
  • Set to -1 for never expires
  • Set to a specific timestamp to expire at that time
Example: 1738483200 (2025-02-02 00:00:00 UTC)
remain_quota
integer
default:"0"
Token remaining quota (internal units)Conversion: 500000 = $1 USDExample: 500000 (equivalent to $1)
unlimited_quota
boolean
default:"false"
Whether the token has unlimited quota
  • true: Unlimited quota, no restrictions
  • false: Limited quota, uses remain_quota value
Example: false
model_limits_enabled
boolean
default:"false"
Whether to enable model restrictions
  • true: Enable model restrictions, only models in model_limits can be used
  • false: No model restrictions
Example: false
model_limits
string
default:""
List of allowed models (comma-separated)Only effective when model_limits_enabled is trueExample: "gpt-4o,gpt-4o-mini,claude-3-5-sonnet"
group
string
default:""
Token group nameUsed to specify the channel group for this tokenExample: "default"

Response

success
boolean
Whether the request was successful
message
string
Error message (only returned on failure)
data
object
Created token information (returned on success)
curl --request POST \
  --url 'https://toapis.com/v1/tokens' \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "name": "My New Token",
    "expired_time": -1,
    "remain_quota": 500000,
    "unlimited_quota": false
  }'

{
  "success": true,
  "message": "",
  "data": {
    "id": 123,
    "user_id": 456,
    "key": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "status": 1,
    "name": "My New Token",
    "created_time": 1738483200,
    "accessed_time": 1738483200,
    "expired_time": -1,
    "remain_quota": 500000,
    "unlimited_quota": false,
    "used_quota": 0,
    "model_limits_enabled": false,
    "model_limits": "",
    "group": "",
    "cross_group_retry": false
  }
}

Use Cases

  • Automate creation of multiple API tokens
  • Create separate tokens for different applications or services
  • Batch manage token lifecycle through scripts
Token Key FormatThe key field returned upon success is a 48-character random string. When using, add the sk- prefix for the complete format: sk-xxxxxxxx...
Best Practices
  • Create different tokens for different purposes for easier tracking and management
  • Set reasonable expiration times and rotate tokens regularly
  • Enable model limits if you only need access to specific models for enhanced security

Common Errors

Error MessageCauseSolution
令牌名称过长Name exceeds 50 charactersUse a shorter token name
生成令牌失败Internal system errorRetry later or contact support
Authentication failedAPI Key is invalid or expiredCheck if the API Key is correct
Security Notice
  • The created token key is only returned once in the response, save it immediately
  • Do not hardcode API Keys in client-side code
  • Always use HTTPS in production
  • Create separate tokens for each application for easier management and revocation