> For the complete documentation index, see [llms.txt](https://docs.toucanai.cloud/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.toucanai.cloud/embed/authentication/how-to/authentication-and-tokens.md).

# Generate a token

{% hint style="info" %}
**Target Audience**: Developers & Non technical users
{% endhint %}

### Goal

Generate a temporary authentication token to authorize an embedded dashboard or the AI assistant in a development environment.

***

### Prerequisites

* A [Toucan AI account](/getting-started/quick-start/subscribe-to-toucan.md) with active access.
* A [valid API key](/embed/authentication/how-to/generate-an-api-key.md).
* Access to the platform's security and embed settings.

***

### Steps

#### 1. Access embed settings

* Click on the **Settings** button in the main menu.
* Select the **Embed & access** tab to access the token management interface.

#### 2. Configure authorized origins

* Navigate to the **Authorized Origins** section.
* Define the specific URLs (domains) where Toucan AI components are permitted to render.
* Toucan AI will reject requests and tokens used on domains not listed in this section.

#### 3. Define token attributes

* Review the **Token Attributes** section to see default identity fields like `distinctId` and `role`.
* Add any custom attributes (e.g., `location`, `department`) required to test Row-Level Security (RLS) filters.

#### 4. Generate a sandbox token

* Scroll to the **Token Generation Sandbox** section.
* Paste your API key into the designated field.
* Click **Generate Token** to create a signed credential.
* **Validity**: By default, sandbox tokens remain valid for **1 hour**.

<figure><img src="/files/PL3c3vo1IkdcaRs4FUNP" alt="Token Generation"><figcaption></figcaption></figure>

#### 5. Verify and inspect

* Copy the generated token for use in your embed code.
* **Token Introspection**: If you need to verify the payload, use the **Token Introspection** section to view the encoded attributes and expiration timestamp.

***

#### Token functionality

The generated token facilitates the following during an embedded session:

* **Secure Handshake**: Authenticates the component without exposing your master API key.
* **Data Scoping**: Automatically applies RLS rules based on the attributes contained in the token payload.

***

### Conclusion

You have generated a temporary token for testing purposes. While this sandbox token is suitable for development, production environments require your backend to generate these tokens dynamically via the API.

**Suggested Next Step**: [How-to: Embed a dashboard](/embed/embedding-overview/how-to/embed-a-dashboard.md) or [How-to: Configure Row-Level Security (RLS)](/embed/permissions-and-row-level-security/how-to/apply-rls-to-your-database.md)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.toucanai.cloud/embed/authentication/how-to/authentication-and-tokens.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.