API tokens can be generated via Settings > Security: enter a description for the token's intended usage and click GENERATE.
You will be given an arbitrary string of characters that will be shown to you ONLY ONCE - this is your API token, make sure to copy and store it in a safe place.
Tokens may be used in one of three ways:
Passed in the options object to the Loadmill npm module, e.g.
Given as a basic authentication username with a blank password, e.g.
Given in an Authorization HTTP header as a bearer token, e.g.
Authorization: Bearer ewszIIzEDIeORLwTSrcEvrKKEWQeR9yzQqyCCKlK
An API token enables its bearer to create and run load tests within your account. You can do almost anything you can do in our web interface using tokens, except changing your password, making payments and generating more tokens.
Therefore, you should keep your token as safe as you can from untrusted third parties. If you suspect it may have been compromised, you may revoke the token via Settings > Security and generate a new one.