Creating a developer token
To generate a developer token, navigate to https://{your-domain}/oauth-access-token in your browser (you may be prompted to log in).
Click Create Token to begin the process
Give your token a meaningful name and description β this helps you track where the token is used and makes it easier to manage if you need to revoke it later
Select the scopes you need (for example,
basic:readandbasic:writefor basic access to Frontify). Learn more about scopes and permissions.Choose an expiration time:
7 days
30 days
90 days
6 months
1 year
Click Create to generate your token
Important: Make sure to only select the scopes you need to limit potential misuse of the token. Scopes cannot be adjusted once the token is created.
β
After completing these steps, your developer token will be available. It should look similar to: cmFCUDPvYxaGgFN6aLBtfr7659Hp2AP8hW8ik77Q2mru4
Take note of the this token as once the dialog closes, you cannot retrieve it!
Using a non-personal email address (service user)
Tokens are tied to the user who generated it and thus have access to everything the user has. This is often not desired when setting up integrations.
If you don't want to use your personal email for token creation, you have several options:
1. Service account (recommended for production integrations)
Create a dedicated service user in Frontify with a generic or group email address (for example integration-name@yourcompany.com).
This approach ensures:
The token isn't tied to an individual who might leave the organization
Multiple team members can manage the integration
The token remains active even if a specific person's account is removed
2. Email alias
You can use an email alias (like yourname+api@company.com) that forwards to your main inbox but creates a separate Frontify account.
While email is routed to your inbox, the user remains separate in Frontify, with separate access rights.
3. Shared mailbox
Set up a shared mailbox that your team can access for managing API integrations.
How to set up a non-personal email address (service user)
Create a new email account for your service user (for example,
integration-name@yourcompany.com)Invite this user to Frontify
Complete the sign-up process for the service user. A good idea is to name this user in this way: "DO NOT DELETE - Integration-name user"
Invite the service user to the relevant projects or libraries with appropriate permissions
Sign in as the service user and create a developer token at
https://{your-domain}/oauth-access-token
Important security notes
Frontify Customer Support cannot restore lost credentials
If you lose your developer token because your non-personal user was deleted from your account, support cannot retrieve it for you. You will need to generate a new token. Store your tokens securely.
Token expiration
All tokens have an expiration time. Currently, email notifications for expiring tokens are being implemented. Plan to rotate your tokens before they expire to avoid service interruptions.
When to use developer tokens
Developer tokens should only be used for local development, testing, or setup of service apps. They are not recommended for production use.
For production integrations, consider using service apps for machine-to-machine authentication or OAuth 2.0 for user-delegated access. Visit developer.frontify.com for more information.
Use cases for developer tokens
Developer tokens are suitable for:
Synchronizing assets to Frontify
Private applications not requiring user-based authentication
Development and testing
CI/CD pipelines (for example, in a GitHub Action)
Setup of service apps