token_auth acts as your password and is used to authenticate in API requests.
token_auth is secret and should be handled very carefully: do not share it with anyone. Each Matomo user has a different
From Matomo 5 it is possible to create tokens that can only be used in a secure way (via POST requests) and will not be valid when used as a URL parameter for a GET request. It is recommended to create ‘Secure only’ tokens to improve security.
Matomo 4 and newer
To generate a
token_auth follow these steps:
- Log in to Matomo
- Go to the Matomo Admin through the top menu
- Click on Personal -> Security
- At the bottom of the page click on « Create new token »
- Confirm your account password
- Enter the purpose for this token
- Choose if the token should only be valid for secure requests (Matomo 5 and newer)
- Click on « Create new token »
You will now see the newly created token. Save it somewhere safe as you won’t be able to see it anymore once you leave that screen. For example, save it in a password manager. If you lose it, you will need to generate a new token.
We recommend you create a new token for every app or purpose. This way, you can easily delete or regenerate the token for specific purposes and see which ones are still being used etc.
Matomo 3 and older
You can find the
token_auth by logging in Matomo (Piwik), then click on Administration in the top menu, then click the link « API » in the left menu.
token_auth value can be re-generated on request by any user under Administration > Personal Settings.