Click on the magnifying glass to the right. Starting typing a topic you wish to learn about

API Token Requests

Owned by Mary Irion
Last updated: Apr 16, 2024 by Alyssa Hill
3 min read

REDCap API

The acronym 'API' stands for 'Application Programming Interface'. The REDCap API is an interface that allows external applications to connect to REDCap remotely. It is necessary to have an API in order to implement the REDCap Mobile App or to perform data import/export using languages like Tableau.


API tokens requests are processed AFTER the REDCap project has been created. The process is initiated in REDCap. BMIC will follow up with the PI to approve token requests for each user.
It is the responsibility of the PI to ensure that API accounts are kept current and privileges are revoked in a timely fashion

Initial Considerations

  • API software clients use one or more REDCap API tokens (32-character hex strings) to authenticate to REDCap on behalf of its users.

  • Each API token is specific to a single user's privileges in a single REDCap project and must be approved by the project PI via ProTracks. 

  • For use with REDCap mobile App, a use case review will be performed to determine number of API tokens needed for that specific project.



The Process

  1. Create your REDCap Project and ensure the users who will need API have API User Rights enabled

  3. On the left side of the screen in the Applications section, click on API

  4. On the next screen, click on Request API Token which will automatically send a service ticket request to the REDCap Help Desk

  6. The REDCap Administrator will send a ProTracks form to the project PI requesting specific information

  7. Once the requirement information is completed by the PI and approved by the REDCap team, the REDCap administrator will approve your request.

  8. You can then navigate to the project for which you are requesting the API token, click API in the left column, and then click Request API

  9. The next screen will show your 32-character API Token which is ONLY for you for this project only.



To Revoke an API Token
To reduce the risk of inappropriate access to REDCap data, the Project's Principle Investigator is required to revoke API tokens that are no longer in use.
When an API token is no longer needed:

  1. In your REDCap project, click API in the left column.

  2. On the Manage All Project Tokens tab, click the red X corresponding to the user whose API token should be revoked.


Additional Considerations

  1. Because of security reasons and to ensure privacy EVERY user requesting an API access must have approval form signed by the PI. This form is part of ProTracks and will be sent to the PI by BMIC Staff

  2. It is the responsibility of the PI to ensure that API accounts are kept current and privileges are revoked in a timely fashion

  3. There is also an API Playground page in each of your REDCap projects. The playground will allow you to experiment with the REDCap API and see the range of its functionality without even having to write any code.