# API Fundamentals

## Authentication & Token Management

### Creating an API Token

To create an API token, head over to the [API Tokens](https://app.prolific.com/researcher/tokens/) page in your toolbar, then click `Create API Token`. Give your token a name, and once you've done that, you'll see a button to copy it.

![To create an API token](https://files.buildwithfern.com/prolific-beta.docs.buildwithfern.com/e683d916290bf569f21f3b78fd3b8398e87ac4f7df9bb7773cace843f6456b30/docs/assets/creating-api-token.gif)

### Deleting an API Token

To delete an API token, head over to the [API Tokens](https://app.prolific.com/researcher/tokens/) page in your toolbar, find the token you wish to delete, and click `Delete`. You'll be asked to enter the name of the token in order to delete it. Please be aware that once a token is deleted, you will be unable to perform any more actions with it and it cannot be recovered.

![To delete an API token](https://files.buildwithfern.com/prolific-beta.docs.buildwithfern.com/dc980b2e76f3e148fa00a49744b09370416c2a5f66c99ad6c4a6751072a4d40e/docs/assets/deleting-api-token.gif)

### Token Best Practices

* The Prolific API tokens have no expiry date and are best used for server-to-server communication only. We advise rotating API tokens as required.
* The Prolific API tokens are scoped to the Researcher account - anything your researcher account can access, your API token can also access.
* We recommend you do not integrate with the Prolific API directly from your web application. This would expose your tokens publicly.

### Using Your Token

When making a call to Prolific's API, add an `Authorization` header with the value `Token <your token>`.

## Error codes

The Prolific API may return the following error codes.

| Code | Description |
| ------- | ----------- |
| **400** | Bad Request - The request was unacceptable. Check the response for more details. |
| **401** | Unauthorized - No valid token was provided. |
| **404** | Not Found - The resource does not exist. |
| **405** | Method Not Allowed - You tried to access a resource with an invalid method. |
| **422** | Un-processable entity - A validation error on a well-formed request. Check the response for more details. |
| **429** | Too many requests - You have sent too many requests (either in general, for a resource or for a related resource) in a given amount of time. [Click here](/documentation/core-concepts/managing-high-loads) for more information on handling 429s from Prolific. |

**Note:** You may also get a 401 or 404 error if you do not have access to the requested resource.

If the error is unclear or none of the above applies, please [submit a request](https://researcher-help.prolific.com/en/articles/476151-api-support) to our support team.

## API Status

Prolific's status page can be found [here](https://status.prolific.com). You can also subscribe to updates.
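
The token guidance and error codes above, combined in a server-side caller. This is an added example, not Prolific's own client code. The `PROLIFIC_API_TOKEN` variable name, the function names, and the exponential backoff on 429 are assumptions made for illustration.

```python
import os
import time
import urllib.error
import urllib.request

TOKEN_ENV_VAR = "PROLIFIC_API_TOKEN"  # hypothetical variable name, not from the docs


def load_token(env=os.environ):
    """Read the token from server-side configuration, never from client code."""
    token = env.get(TOKEN_ENV_VAR, "").strip()
    if not token:
        raise RuntimeError(f"{TOKEN_ENV_VAR} is not set")
    return token


def http_send(url, headers):
    """Default transport: GET the URL, return (status, body) for errors too."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def call_api(url, token, send=http_send, max_retries=3, sleep=time.sleep):
    """Send an authenticated request and map the documented error codes."""
    headers = {"Authorization": f"Token {token}"}
    for attempt in range(max_retries + 1):
        status, body = send(url, headers)
        if status == 429 and attempt < max_retries:
            sleep(2 ** attempt)  # assumed policy: exponential backoff
            continue
        if status < 400:
            return body
        # Tokens never expire, so keep them out of logs and error messages.
        detail = f"{status}: {body}".replace(token, "[redacted]")
        if status in (401, 404):
            # Per the note above, either code can also mean "no access".
            raise PermissionError(detail)
        raise RuntimeError(detail)
```

The `send` and `sleep` parameters are injectable so the retry and redaction logic can be exercised without network access.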