Settings
The Settings page lets you manage API tokens and account settings.
API Tokens
API tokens allow external systems to interact with WhookTown:
- Send sensor data to update buildings
- Access the API programmatically
- Integrate with monitoring tools
- Use the CLI tool
Token List
The token table shows all your tokens:
| Column | Description |
|---|---|
| Name | Token name you assigned |
| Type | Token role (user, sensor, viewer) |
| Status | Validation status, expiration |
| Token | First 20 characters (click to copy full) |
| Created | Creation date |
| Expires | Expiration date |
| Actions | Copy, Revoke buttons |
Token Types
| Type | Permissions | Use Case |
|---|---|---|
| user | Full user access | General automation, full API access |
| sensor | Sensor write only | Monitoring integrations, sending metrics |
| viewer | Read-only access | Dashboard displays, read-only monitoring |
Creating a Token
- Click New Token button
- Enter a Token Name (e.g., "Prometheus Integration")
- Select Token Type from dropdown
- Review the permissions shown
- Click Create
Save your token
The full token is only shown once! Copy it immediately and store it securely.
Copying a Token
Click the Copy button next to a token to copy the full token to your clipboard.
Revoking a Token
- Click the Revoke button
- Confirm the action in the dialog
- The token is immediately invalidated
Irreversible
Revoking a token cannot be undone. Any systems using that token will lose access.
Token Expiration
- App tokens: 360 days (8640 hours) by default
- Expired tokens: Still listed but marked as expired
- Revoked tokens: Removed from the list
Danger Zone
The Danger Zone section contains destructive account actions.
Delete Account
Permanent deletion
Deleting your account is irreversible and removes all your data.
To delete your account:
- Click Delete Account button (red)
- A confirmation modal appears
- Type
DELETEin the input field - Click Delete my account permanently
What gets deleted:
- Your account and email
- All API tokens
- All city layouts
- All workflows
- All associated data
- Subscription (if any) is cancelled
What happens next:
- You're immediately logged out
- You'll be redirected to the login page
- You can create a new account with the same email later
Using Tokens
With the CLI
# Configure the CLI with your token
wt config set token YOUR_TOKEN_HERE
# Or use the --token flag
wt --token YOUR_TOKEN sensor send --id <building-id> --status online
With the API
# Send sensor data
curl -X POST https://sensor.whook.town/sensors \
-H "Authorization: Bearer YOUR_TOKEN_HERE" \
-H "Content-Type: application/json" \
-d '{"id": "building-uuid", "status": "online", "activity": "normal"}'
With Monitoring Tools
Most monitoring tools support webhook integrations. Configure them to:
- POST to
https://sensor.whook.town/sensors - Include
Authorization: Bearer YOUR_TOKENheader - Send JSON payload with
id,status,activity
Best Practices
Token Naming
Use descriptive names that identify the purpose:
- "Prometheus Production"
- "Grafana Alerts"
- "CI/CD Pipeline"
- "Monitoring Script"
Token Types
- Use sensor tokens for monitoring integrations (least privilege)
- Use viewer tokens for read-only dashboards
- Use user tokens only when full access is needed
Token Rotation
Periodically rotate tokens:
- Create a new token
- Update your systems to use the new token
- Verify everything works
- Revoke the old token
Security
- Never commit tokens to version control
- Use environment variables or secret managers
- Revoke tokens immediately if compromised
- Use the most restrictive token type possible