Creating API Tokens

The main difference between tokens obtained via API call or border0 login method is their scope and expiry. Token created by issuing border0 login inherit the privilege level of supplied credentials/account and have a short lifetime.

Static Access Tokens, on the other hand, have their privilege scope defined at creation and do not expire until the configured expiry time or when they are deleted/revoked.

Creating an API Access token

Tokens can only be create by ORG admins via API or the Portal

To create a token using the portal, navigate to "Organization Settings" on the left menu panel.
After that, select "Access Tokens" and then click the "New" button on the top of the Access Tokens page.


Remember to Copy the token to clipboard

you will not be able to retrieve it again


Your Admin Token should like this



TOKENS are secrets!

Make sure you handle and store tokens with appropriate security tools and protocols

There are few types of tokens: connector, member, and admin

  • Admin tokens, as the name suggests, have full account privileges.
  • Member tokens can create, connect and delete sockets. They can also view everything in the organization. But cannot escalate themselves to admin or make any other organization setting changes.
  • Connector tokens similar to Member tokens but can only manage resources created by themselves are intended for usage with border0 connector

Using API Access tokens

Tokens can be used in the connector config file, or when using the border0 cli.

To use your newly created access token with the border0 cli you need to make the token available as an environment variable called BORDER0_ADMIN_TOKEN

For examples:

border0 socket ls


BORDER0_ADMIN_TOKEN=<TOKEN> border0 socket ls

Working with Docker

We publish docker image alongside our binary toolkit release, you can pull it from GitHub registry:

docker pull