> ## Documentation Index
> Fetch the complete documentation index at: https://help.freakhosting.com/llms.txt
> Use this file to discover all available pages before exploring further.

# How to Manage API Tokens

> Learn how to generate and manage API tokens in the FREAKHOSTING VPS Control Panel to automate server operations and integrate with external systems.

## Automating Your VPS with API Tokens

The FREAKHOSTING VPS Control Panel has a REST API that lets you do everything the web interface can do — but through code. Want to automatically restart a server every night? Build a monitoring dashboard that pulls live stats? Spin up a new server from a deployment script? The API makes all of that possible.

To use the API, you need an **API token** — a long string of characters that acts as your identity and password rolled into one. You include it with every API request, and the system knows it is you.

**Who needs this?** If you are a developer writing scripts, a DevOps engineer building automation pipelines, or a system administrator who wants to integrate FREAKHOSTING with tools like Ansible, Terraform, or custom monitoring systems — API tokens are for you. If you just manage your servers through the web panel, you can skip this feature entirely.

<CardGroup cols={2}>
  <Card title="Difficulty" icon="gauge-high">
    Advanced
  </Card>

  <Card title="Time" icon="clock">
    3 Minutes
  </Card>
</CardGroup>

***

## Generating an API Token

<Steps>
  <Step title="Navigate to Account Settings">
    Click on **Account** in the top navigation bar of the control panel.
  </Step>

  <Step title="Open the API Tab">
    Click on the **API** tab in the account settings navigation. You will see a description of the API along with a link to the full **API Documentation**.
  </Step>

  <Step title="Generate a New Token">
    Click the **Generate Token** button. A new API token will be created and displayed on screen.
  </Step>

  <Step title="Copy and Save Your Token Immediately">
    **This is critical.** Copy your token right now and store it in a secure location — a password manager is ideal. The full token may only be displayed once. If you navigate away without saving it, you may need to delete it and generate a new one.

    Treat your API token like a password. Anyone with this token can manage your servers, view your data, and take actions on your behalf.
  </Step>
</Steps>

<Important>
  Never share API tokens in public repositories, forum posts, Discord messages, or unencrypted emails. If your token appears in a public GitHub commit, consider it compromised — delete it immediately and generate a new one.
</Important>

***

## Using Your API Token

Include the token in the `Authorization` header of your HTTP requests. Here is a quick example that lists all your servers:

```bash theme={null}
curl -H "Authorization: Bearer YOUR_API_TOKEN" \
     https://cloud.freakhosting.com/api/v1/servers
```

### A Practical Automation Example

Let's say you want a simple script that checks if your server is running and restarts it if it is not. Here is a basic Bash example:

```bash theme={null}
#!/bin/bash
TOKEN="YOUR_API_TOKEN"
SERVER_ID="your-server-id"
API_URL="https://cloud.freakhosting.com/api/v1"

# Get server status
STATUS=$(curl -s -H "Authorization: Bearer $TOKEN" \
  "$API_URL/servers/$SERVER_ID" | jq -r '.status')

if [ "$STATUS" != "running" ]; then
  echo "Server is $STATUS — restarting..."
  curl -s -X POST -H "Authorization: Bearer $TOKEN" \
    "$API_URL/servers/$SERVER_ID/restart"
  echo "Restart command sent."
else
  echo "Server is running normally."
fi
```

You could run this on a cron job every five minutes for basic self-healing automation. For comprehensive API documentation — including all available endpoints, request parameters, and response formats — click the **API Documentation** link on the API page within the control panel.

***

## Managing Existing Tokens

The API page displays all your active tokens. For each token, you can:

* **View** the token name and when it was created
* **Delete** a token that is no longer needed or that may have been compromised

<Tip>
  Create **separate tokens for each application or script**. Name them descriptively — "Monitoring Cron Job," "Deploy Script," "Grafana Dashboard." This way, if one token is compromised, you can revoke just that one without breaking every integration you have.
</Tip>

***

## API Token Best Practices

<CardGroup cols={2}>
  <Card title="Use Descriptive Names" icon="tag">
    Name your tokens based on what they do: "Nightly Backup Script," "Uptime Monitor," "CI/CD Pipeline." When you have five tokens in the list, you will be glad you can tell them apart at a glance.
  </Card>

  <Card title="Rotate Tokens Periodically" icon="rotate">
    Even if nothing seems wrong, generating a fresh token every few months and deleting the old one limits the damage if a token was silently exposed. Update your scripts with the new token, then delete the old one.
  </Card>

  <Card title="Never Hardcode Tokens" icon="eye-slash">
    Storing tokens directly in your source code is a recipe for accidental exposure (especially if that code ends up on GitHub). Use **environment variables** or a secrets manager instead:

    ```bash theme={null}
    export FREAKHOSTING_TOKEN="your-token-here"
    ```

    Then reference `$FREAKHOSTING_TOKEN` in your scripts.
  </Card>

  <Card title="Revoke Compromised Tokens Instantly" icon="ban">
    If you suspect a token has been exposed — found it in a log file, pasted it in a chat accidentally, committed it to a repo — delete it from the API page immediately and generate a new one. Do not wait.
  </Card>
</CardGroup>

***

<AccordionGroup>
  <Accordion title="How many API tokens can I create?">
    You can create multiple API tokens on your account. There is no strict limit, but we recommend keeping it manageable — one token per application or integration. This gives you granular control over what to revoke if something goes wrong.
  </Accordion>

  <Accordion title="Where can I find the API documentation?">
    The full API documentation is linked directly from the **API** tab in your account settings. It includes all available endpoints, authentication details, request/response formats, and code examples for common operations.
  </Accordion>

  <Accordion title="What happens if I delete an API token?">
    Any application, script, or integration using that token will immediately lose access to the API and start getting authentication errors. Before deleting a token, make sure you have already updated any systems that depend on it with a replacement token.
  </Accordion>

  <Accordion title="Can I restrict what a token can do?">
    Currently, API tokens have the same level of access as your account. If you need different permission levels, the best approach is to use separate FREAKHOSTING accounts with shared server access (see our [sharing guide](/portals/vps-panel/how-to-share-vps-access)) and generate tokens on those accounts instead.
  </Accordion>
</AccordionGroup>

***

<Note>
  ### Need Extra Help?

  If you encounter any issues, our support team is ready to assist:

  * **Live Chat:** Quick assistance via our website.
  * **Support Ticket:** [Open a Ticket](https://freakhosting.com/clientarea/submitticket.php)
  * **Discord:** [Join our Community](https://discord.gg/freakhosting)
  * **Email:** [support@freakhosting.com](mailto:support@freakhosting.com)
</Note>

<Tip>
  ### Save on Your Hosting

  Ready to get a new server? Use code **KB20** at checkout for **20% off** your first month!
</Tip>

***

<div align="center">
  **Last Updated:** March 2026 | **VPS Support:** API management simplified.
</div>
