π Overview
A Machine to Machine (M2M) token is an API credential that allows an external system or application to connect to the API on behalf of your business as a whole, rather than on behalf of an individual staff member or customer.
This makes M2M tokens well-suited to server-to-server integrations and automated background processes where no one needs to be logged in.
M2M tokens always operate in Provider mode with admin-level permissions. Common use cases include:
Reporting systems that periodically pull business metrics into an external platform
βWebhook processors that receive event notifications and fetch supporting data as needed
βCustom server-side applications that integrate with your business data without requiring staff logins
π‘ M2M tokens act on behalf of your business, not an individual user. For integrations that need to act as a specific staff member or customer, an OAuth token is more appropriate.
For a full comparison of authentication methods, see the API authentication documentation here.
π οΈ Setup
Up to two M2M tokens can now be created directly from your Business Dashboard.
The steps below cover how to generate a token and how to include it in your API requests.
π How to Create an M2M Token
Navigate to the M2M token section of your Business Dashboard and follow the steps below to generate a new token.
Click the arrow to learn how to create an M2M token
Click the arrow to learn how to create an M2M token
1οΈβ£ From your Business Dashboard, navigate to Settings β Integrations β API Integration β Get Started.
2οΈβ£ Complete your application following the steps outlined in our guide here.
π‘If you have already submitted an API application, click on Options β Manage Applications and jump to step .4
β3οΈβ£ Once you complete your application, click on Options β View and Update Applications
β
4οΈβ£ Scroll down to the M2M Tokens section, and select Add next to M2M Token.
β
5οΈβ£ Set your Token Expiry and Permissions and click on Generate Token.
β
6οΈβ£ An M2M Token will now be generated for you to view, edit, or Revoke at the bottom of your API application.
β οΈ Store your M2M token securely as soon as it is generated.
For security reasons, the full token value is only shown once. If you navigate away before copying it, you will need to delete the token and create a new one.
π How to Use Your M2M Token
Once generated, your M2M token is included in the HTTP Authorization header of every API request your integration makes.
Click the arrow to learn how to use your M2M token in API requests
Click the arrow to learn how to use your M2M token in API requests
Add the following header to each request made by your integration:
Authorization: Token <YOUR_TOKEN>
Replace <YOUR_TOKEN> with the value copied when you created the token. Note that M2M tokens use the Token prefix which differs from OAuth tokens, which use the JWT prefix instead.
For full details on available endpoints, request parameters, and response formats, refer to the API reference documentation:
β Frequently Asked Questions (FAQs)
Find answers to common questions or additional details that may not be covered in the main instructions.
Click the arrow to view frequently asked questions
Click the arrow to view frequently asked questions
What is the difference between an M2M token and an OAuth token?
Click the arrow to see the answer
Click the arrow to see the answer
An OAuth token represents an individual user, such as a staff member or customer, and carries that person's specific permissions. An M2M token represents your business as a whole and always operates with admin-level (Provider) access. M2M tokens are best suited to server-to-server integrations where no individual user login is involved.
Is a specific role or permission required to create an M2M token?
Click the arrow to see the answer
Click the arrow to see the answer
Only authorised users with the appropriate role within your TeamUp account can create M2M tokens. Contact your account Owner or Admin if you do not see the option in your Business Dashboard.
What should I do if I lose my token or it is compromised?
Click the arrow to see the answer
Click the arrow to see the answer
If you have lost your token or believe it may have been exposed, go to Settings β Integrations β API Integration β Options β Manage Applications and delete it from your Business Dashboard immediately and generate a new one.
Update any integrations using the old token with the new value as soon as possible to restore access.
Treat M2M tokens with the same care as passwords and never share them over email or other unsecured channels.
Can I create more than one M2M token?
Click the arrow to see the answer
Click the arrow to see the answer
Yes, you can create up to two M2M Tokens per API integration.
Creating a separate M2M token for each integration you run is recommended practice. This way, if one token needs to be revoked or rotated, your other integrations are not affected.
I already have an M2M token set up by the support team, do I need to do anything?
Click the arrow to see the answer
Click the arrow to see the answer
No action is needed. Any existing M2M tokens that were created on your behalf continue to work as normal. The self-service creation process is available for generating new tokens going forward and does not affect existing credentials.