> ## Documentation Index
> Fetch the complete documentation index at: https://learn.social.plus/llms.txt
> Use this file to discover all available pages before exploring further.

# Admin Tokens

> Generate, rotate, and revoke console admin tokens with strong operational governance.

<Info>
  Operational guide to generate, rotate, and revoke admin tokens while minimizing exposure risk.
</Info>

<CardGroup cols={3}>
  <Card title="Generate" icon="key">Create new token (1 year)</Card>
  <Card title="Rotate" icon="arrows-repeat">Invalidate & replace</Card>
  <Card title="Revoke" icon="shield">Immediate invalidation</Card>
  <Card title="Audit" icon="clock">Track usage & age</Card>
  <Card title="Least Privilege" icon="lock">Limit who can issue</Card>
  <Card title="Compliance" icon="check">Meet rotation policies</Card>
</CardGroup>

## Token Basics

| Aspect            | Value                                 |
| ----------------- | ------------------------------------- |
| Default Expiry    | 1 year (newly generated)              |
| Visibility        | Shown once at creation dialog         |
| Scope             | Console administrative API operations |
| Not Available For | Super Admin accounts                  |

<Warning>Copy token immediately; it cannot be retrieved later—only regenerated.</Warning>

## Generate Token

<Steps>
  <Step title="Navigate">Settings → Admin Users.</Step>
  <Step title="Options">Click ellipses … next to your admin user.</Step>
  <Step title="Generate">Select Generate new token.</Step>
  <Step title="Copy">Securely store in secrets manager.</Step>
  <Step title="Distribute">Limit distribution to required automation only.</Step>
</Steps>

## Rotation Strategy

<AccordionGroup>
  <Accordion title="Planned Rotation">Generate replacement token → update dependent services → revoke old (grace window ≤24h).</Accordion>
  <Accordion title="Unplanned Rotation">Suspected leak → immediate revoke → generate new → notify stakeholders.</Accordion>
  <Accordion title="Inventory Tracking">Maintain registry: owner, creation date, last used timestamp.</Accordion>
  <Accordion title="Automation Use">Prefer service-specific tokens rather than sharing a personal admin's token.</Accordion>
</AccordionGroup>

## Revoke Token

<Tabs>
  <Tab title="Self-Revoke">Admin revokes own token via same menu; session invalidated, re-login required.</Tab>
  <Tab title="Super Admin Revoke">Super Admin can revoke another admin's token if misuse or offboarding.</Tab>
  <Tab title="Post-Revoke">Old token immediately fails; dependent scripts must update to new token.</Tab>
</Tabs>

<Info>Errors when revoking: non-admin attempts or unknown username.</Info>

## Metrics

| Metric               | Description                        | Threshold                          |
| -------------------- | ---------------------------------- | ---------------------------------- |
| Active Tokens        | Count of valid admin tokens        | Unexpected growth → audit issuance |
| Avg Token Age (days) | Mean age since creation            | > 300 → schedule rotations         |
| Orphan Tokens        | Tokens with no recent usage (≥30d) | >0 → revoke                        |
| Compromise Incidents | Confirmed leaks                    | Any >0 → tighten issuance policy   |

## Troubleshooting

| Issue                         | Likely Cause           | Fix                                            |
| ----------------------------- | ---------------------- | ---------------------------------------------- |
| Cannot generate               | Super Admin account    | Use general admin account                      |
| Token lost                    | Not stored at creation | Generate new token; revoke old if still active |
| Script failing after rotation | Not updated credential | Update secret store & redeploy                 |
| Revocation error              | Username mismatch      | Verify exact admin username                    |

## Related

<CardGroup cols={2}>
  <Card title="Security" icon="lock" href="./security">Secure Mode & mTLS</Card>
  <Card title="Admin Access" icon="users" href="/analytics-and-moderation/console/management/admin-access-control">Permission governance</Card>
</CardGroup>
