Skip to main content

API Tokens

API Tokens

API Tokens let you connect trusted external tools to your 3DIMLI account. Use them when an MCP client, command-line setup, editor integration, or seller license-verification server needs a bearer token or x-user-api-token header.

Most users do not need to manage API tokens manually. If your MCP client supports the normal web connector or OAuth flow, use that flow instead and sign in through your browser.

Where to Find API Tokens

Open Dashboard -> Settings -> API Tokens.

Buyers see account API tokens for MCP-style account access. Sellers see two tabs:

TabPurpose
3DIMLI MCPMain account token for MCP clients and account integrations.
License VerificationSeller-only token for direct software and game license verification requests.

3DIMLI MCP Tokens

Use the 3DIMLI MCP token when a compatible client asks you to provide a token manually. This is commonly used by command-line or editor setups that connect to the token-based MCP endpoint.

When you generate a token, choose:

OptionWhat it means
Full account accessThe token can use all account areas available to your current role. If your account later gains seller access and has an active platform plan, seller tools can become available on the same full-access token.
Custom accessThe token is limited to selected scopes. Custom scopes stay fixed until you regenerate the token.
180 daysThe token expires automatically after 180 days.
PersistentThe token stays active until you revoke or regenerate it.

The raw token is shown only once after generation. Copy it immediately and store it in your MCP client, password manager, or secret manager. After that, the dashboard only shows a masked token suffix, creation time, expiry status, and last-used time.

License Verification Tokens

Sellers can use the License Verification tab to generate a purpose-specific token for software and game license checks.

Use this token only from your own license server or backend service. It is accepted by the software and game verification endpoints and is not used for MCP.

Important behavior:

  • Only one active license-verification token is shown at a time.
  • Generating a new license-verification token revokes the previous one.
  • The token stays active until you revoke or regenerate it.
  • The raw token is shown only once.
  • The token should never be shipped inside buyer-facing software, launchers, or public source code.

Regenerate or Revoke a Token

Regenerate a token when you need a new raw value, want to change scopes, want to change expiry mode, or suspect the token was exposed.

Revoke a token when you no longer use the connected client or integration. After revocation, any tool still using that token will fail until you generate and install a new one.

If you regenerate a token, update the connected client, script, server, or environment variable immediately.

Security Best Practices

  • Treat API tokens like passwords.
  • Keep tokens out of product binaries, screenshots, public repositories, support tickets, and shared documents.
  • Store server-side tokens in environment variables or a secret manager.
  • Use custom scopes when a client only needs limited access.
  • Prefer 180-day expiry for clients you do not use often.
  • Revoke old tokens after testing or rotating credentials.

Troubleshooting

IssueWhat to check
Token was not copiedRegenerate it. Raw tokens cannot be revealed later.
Client says unauthorizedConfirm the token was copied exactly, has not expired, and has not been revoked.
Seller tools are missing in MCPConfirm the account has seller access and an active platform plan. Regenerate a custom-scope token if you need new scopes.
License verification returns unauthorizedConfirm you are using the seller License Verification token, not the MCP token.
Token exposed publiclyRevoke or regenerate the token immediately and update the affected integration.