API Tokens
Limbar uses authentication tokens to secure access to its API. There are two types of tokens available:
- User Tokens
- Organization Tokens
These tokens can be used with both direct HTTP API calls and the lim CLI tool.
Token Types
User Tokens
User tokens are automatically generated upon user login. When you log in via the lim CLI, it records the short-lived user token in ~/.lim/config.yaml.
The user tokens are valid for at most 1 week and you can’t specify a custom expiration date. You can use your user token to operate in all the organizations you have access to.
Organization Tokens
Organization tokens are manually created through the Limbar UI with a custom expiration date. They are tied to a specific organization and can be used by any user in the organization. Even if the token creator leaves the organization, the token will remain valid.
You can use your organization token to operate only in the organization that the token was created for.
Using Tokens with lim CLI
You can use your token with the lim CLI by setting the LIM_TOKEN environment variable:
export LIM_TOKEN='your-token-here'
lim run android # now authenticated with your token
Token Management
You can manage your tokens through the Limbar UI:
- Create new organization tokens
- Set expiration dates
- View active tokens
- Delete tokens that are no longer needed
Security Measures
Token Exposure Protection
Limbar takes token security seriously. If a token is exposed, there are several security measures in place to protect you and your organization.
If you discover that a token has been exposed publicly, you should immediately delete it through the Limbar UI to prevent unauthorized access.
As a GitHub Technology Partner, Limbar is integrated with GitHub’s secret scanning program. This means that if a Limbar token is ever committed to a public repository, GitHub automatically detects it and notifies us. Upon detection, we immediately invalidate the exposed token to prevent any potential misuse.
When a token exposure is detected, our notification system ensures all relevant parties are informed. For user tokens, the affected user receives a security alert email. In the case of organization tokens, all members of the organization receive security alert emails to ensure the entire team is aware and can take appropriate action.
Best Practices
- Regularly rotate your tokens
- Use organization tokens for automated systems
- Set appropriate expiration dates for organization tokens
- Never commit tokens to version control
- Use environment variables to store tokens in your applications
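One way to follow the last two practices together, as an added example that is not part of Limbar's documentation or tooling: a shell helper that exports LIM_TOKEN from a private file and refuses a file that is readable by other users or tracked by git. The function names and the token file path are assumptions for illustration.

```shell
# Added example; the token file path and function names are assumptions.

# Succeeds only if the file exists and gives no access to group or others.
token_file_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the `ls -l` mode string are the group/other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Succeeds if the file is tracked (staged or committed) in a git repository.
token_file_is_tracked() {
    git -C "$(dirname -- "$1")" ls-files --error-unmatch \
        -- "$(basename -- "$1")" >/dev/null 2>&1
}

# Exports LIM_TOKEN from the file, or fails without touching the environment.
load_lim_token() {
    file=$1
    if ! token_file_is_private "$file"; then
        echo "refusing $file: missing, or readable by group/others (chmod 600)" >&2
        return 1
    fi
    if token_file_is_tracked "$file"; then
        echo "refusing $file: tracked by git; delete this token in the Limbar UI" >&2
        return 1
    fi
    token=$(cat -- "$file") || return 1
    if [ -z "$token" ]; then
        echo "refusing $file: file is empty" >&2
        return 1
    fi
    LIM_TOKEN=$token
    export LIM_TOKEN
    unset token
}

# Usage (hypothetical path): load_lim_token "$HOME/.config/limbar/org-token" && lim run android
```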