API Access

Modified on Thu, 7 Dec, 2023 at 3:50 PM

If you have the API module enabled, you can create new, edit and deactivate API Access tokens on your own in Imageshop. You can access the API access panel by following the steps below.

API access is an additional module in Imageshop. If you want API access, you can contact us at [email protected].


  1. Go to the administration - https://admin5.imageshop.no. Alternatively, if you are logged in to the user interface as an administrator, you will find a direct link to the administration to the right in the main menu.
  2. Use the menu which appears when you hover over your user name in the top right corner and select "Configuration"
  3. Select "API Access" 


You will now see the tokens issued and their associated access rights. You can also edit, disable, and create new tokens.



Remember to copy the token when you have created it. It will not be possible to retrieve the token after the first time you have created it.


It is good practice to disable a token if you issue a new one to replace a previously used token. Create a meaningful name for the tokens so that you can identify where they are used. For example, if it is used in a specific integration like WordPress, name it "WordPress". If it is used in a custom application, such as a custom API integration, name it after the name of the integration project.


For increased security, issue a new token at regular intervals, for example, once per year, and disable the old token.


Only grant access to the interfaces and disable upload for the token if no users should be able to upload. Restrict the token as much as possible for increased security.


A token should never be exposed on the client side of the application, for example, in JavaScript or HTML. A temporary token should be fetched server-side in the API using "GetTemporaryToken" in such cases, and this token should be used to access the API from the client side. Ideally, it should be avoided to use the token on the client side. If you need to use the token on a website, especially if it is a public one, the token should have very limited access. In this case, it is recommended to disable uploading and have a special public interface where the token will have access. The images in this interface should be considered public images, usable by anyone, as those with access to the token can use the API to, for example, download the image or perform other operations if the token is exposed on the client side.


To delete a token, please make it first inactive. After this you will be able to delete the token.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article