Skip to main content

Manage your API access tokens and connected apps

Create and revoke personal access tokens, view your legacy API key, and remove connected apps from the Access Tokens screen.

The Access Tokens screen is where you manage how outside tools and apps connect to the MinuteDock API as you. From here you can create a personal access token for a new integration, view your old legacy API key, and review or remove apps you have connected, such as the MinuteDock MCP.

These connections act on your behalf, so they respect the same Permissions and Contact visibility you have inside MinuteDock. Each User manages their own tokens and connected apps from their own Profile.

Open the Access Tokens screen

  1. Sign in to MinuteDock and click Profile at the top right.

  2. Find the API access card on the right.

  3. Click Manage Access Tokens.

The Access Tokens screen has three sections: Personal Access Tokens, your Legacy API Key, and Authorized Applications.

Personal access tokens

A personal access token lets another tool use the MinuteDock API to perform actions on your behalf, such as logging Time Entries, pulling reports, or syncing Contacts, Projects, and Tasks. This is the recommended way to connect a new integration.

Treat a token like a password — anyone who has it can act as you in MinuteDock, limited only by your Permissions.

Create a token

  1. On the Access Tokens screen, click Create Token.

  2. Give the token a name that describes where you will use it, so you can recognise it later.

  3. Copy the token secret and store it somewhere safe. You will not be able to see it again once you leave the screen.

  4. Paste the token into the tool or integration you are connecting.

Each token is listed with the Account it applies to, when it was Created, and when it was Last used, so you can tell which tokens are active.

Important: A token has the same access you do. A token created by an Admin can reach everything on the Account, while a token from a User with limited Permissions can only reach the data that User is allowed to see.

Revoke a token

If a token is no longer needed, or you think it may have been exposed, remove it. Find the token in the Personal Access Tokens list and revoke it. Any tool still using that token will immediately lose access, so update or disconnect that tool first.

Legacy API key

The Legacy API Key is the older, single key that MinuteDock generated for each User automatically. It still works, but it has been superseded by personal access tokens — avoid using it for new integrations, and prefer a personal access token instead.

To view it, click Show in the Legacy API Key section. If you have an older integration set up with this key, you can move it onto a personal access token when convenient.

Authorised applications

Authorised Applications are apps you have allowed to connect to MinuteDock on your behalf — for example, the MinuteDock MCP. Each app is listed with the Account it can access, when it was Last used, and when access Expires.

To disconnect an app, click Revoke next to it. That app will no longer be able to access MinuteDock as you. If you still want to use it, you will need to connect and re-authorise it again.

Read the full API documentation

For what the API can do and how to get started, see the MinuteDock API Overview. The complete API reference — every endpoint, request format, response sample, authentication detail, and rate limit — is published at developers.minutedock.com. Start there when you are ready to build, and keep it open as you work.

Did this answer your question?