API settings let you create and manage API tokens used to call Zippendo’s API (e.g. to create shipments, fetch orders, or integrate with your own systems).
Where to find it
Go to Settings → API (or API Settings). You’ll see a list of existing tokens (if any) and an option to Add API Token (or similar).
Creating an API token
Open Settings → API
Click Add API Token.
Name the token
Give the token a name (e.g. “WMS integration”, “Back office”) so you can recognise it later. You may be able to set permissions or scopes if the app supports it.
Create and copy the token
Click Create. The secret (the actual token value) is shown once. Copy and store it securely; you won’t be able to see it again. Use it in your API requests (e.g. as a Bearer token or in the header your API expects).
Treat API tokens like passwords. Don’t share them or commit them to code. If a token is leaked, revoke it in API settings and create a new one.
Using the token
Use the token in the Authorization header of your HTTP requests, for example:
Authorization: Bearer YOUR_TOKEN
Exact format and base URL are in the API documentation. Tokens are tied to your organization; they can only access data for that org.
Revoking a token
To revoke a token (e.g. when an integration is retired or the token was exposed), open Settings → API, find the token, and use Revoke or Delete. Any app or script using that token will stop working; create a new token if you need to keep integrating. 
