{"id": "internals:datasette-create-token", "page": "internals", "ref": "datasette-create-token", "title": ".create_token(actor_id, expires_after=None, restrict_all=None, restrict_database=None, restrict_resource=None)", "content": "actor_id  - string \n                         \n                             The ID of the actor to create a token for. \n                         \n                     \n                     \n                         expires_after  - int, optional \n                         \n                             The number of seconds after which the token should expire. \n                         \n                     \n                     \n                         restrict_all  - iterable, optional \n                         \n                             A list of actions that this token should be restricted to across all databases and resources. \n                         \n                     \n                     \n                         restrict_database  - dict, optional \n                         \n                             For restricting actions within specific databases, e.g.  {\"mydb\": [\"view-table\", \"view-query\"]} . \n                         \n                     \n                     \n                         restrict_resource  - dict, optional \n                         \n                             For restricting actions to specific resources (tables, SQL views and  Canned queries ) within a database. For example:  {\"mydb\": {\"mytable\": [\"insert-row\", \"update-row\"]}} . \n                         \n                     \n                 \n                 This method returns a signed  API token  of the format  dstok_...  which can be used to authenticate requests to the Datasette API. \n                 All tokens must have an  actor_id  string indicating the ID of the actor which the token will act on behalf of. \n                 Tokens default to lasting forever, but can be set to expire after a given number of seconds using the  expires_after  argument. The following code creates a token for  user1  that will expire after an hour: \n                 token = datasette.create_token(\n    actor_id=\"user1\",\n    expires_after=3600,\n) \n                 The three  restrict_*  arguments can be used to create a token that has additional restrictions beyond what the associated actor is allowed to do. \n                 The following example creates a token that can access  view-instance  and  view-table  across everything, can additionally use  view-query  for anything in the  docs  database and is allowed to execute  insert-row  and  update-row  in the  attachments  table in that database: \n                 token = datasette.create_token(\n    actor_id=\"user1\",\n    restrict_all=(\"view-instance\", \"view-table\"),\n    restrict_database={\"docs\": (\"view-query\",)},\n    restrict_resource={\n        \"docs\": {\n            \"attachments\": (\"insert-row\", \"update-row\")\n        }\n    },\n)", "breadcrumbs": "[\"Internals for plugins\", \"Datasette class\"]", "references": "[]"}