API Tokens
~~~~~~~~~~
-API tokens allow stateless access to most parts of the REST API by
-another system, software or API client. Tokens can be generated for
-individual users and can be given separate permissions and expiration
-dates to limit the scope and duration of the access. Should the API
-token get compromised it can be revoked without disabling the user itself.
+API tokens allow stateless access to most parts of the REST API by another
+system, software or API client. Tokens can be generated for individual users
+and can be given separate permissions and expiration dates to limit the scope
+and duration of the access. Should the API token get compromised it can be
+revoked without disabling the user itself.
API tokens come in two basic types:
* full privileges: the token permissions are identical to that of the
associated user.
-WARNING: The token value is only displayed/returned once when the token is
-generated. It cannot be retrieved over the API at a later time!
+CAUTION: The token value is only displayed/returned once when the token is
+generated. It cannot be retrieved again over the API at a later time!
To use an API token, set the HTTP header 'Authorization' to the displayed value
of the form `PVEAPIToken=USER@REALM!TOKENID=UUID` when making API requests, or