API tokens can be generated via Account Settings > Security: enter a description for the token's intended usage and click generate.
You will be given an arbitrary string of characters that will be shown to you only once - this is your API token.
Tokens may be used in one of three ways:
Passed in the options object to the loadmill client, e.g.
Given as a basic authentication username with a blank password, e.g.
Given in an Authorization HTTP header as a bearer token, e.g.
Authorization: Bearer ewszIIzEDIeORLwTSrcEvrKKEWQeR9yzQqyCCKlK
An API token enables its bearer to create and run load tests with your account. You can do almost anything you can do in our web interface using tokens, except changing your password, making payments and generating more tokens.
Therefore, you should keep your token as safe as you can from untrusted third parties. If you suspect it may have been compromised, you may revoke the token via Account Settings > Security and generate a new one.