Create, name, and revoke personal Layer API tokens for connecting Layer to PowerBI, Excel, Google Sheets, the MCP server, and custom integrations.
The Layer API uses a token to authenticate every request. From the manage account API page, you can issue personal API tokens, give each one a meaningful name, set an expiration, and revoke a token without affecting any other token you hold. Each token belongs to one user and inherits that user's project access.
This article covers how to create a token, how token expiration works, how to rotate or revoke tokens, and how the new token model relates to the legacy single-token approach described in the API article.
Where to manage tokens
Open Layer.
Click the gear icon in the top right corner.
Choose Your Account.
Click the API tab.
The API tab lists the tokens you currently hold, with the name, the date the token was created, the expiration, and a Revoke button. The same page has a button to create a new token.
Creating a token
Click Create Token.
Enter a name that describes where the token will be used. Examples: "Power BI dashboard for Project Acme," "Claude Desktop MCP server," "Internal Python script."
Choose an expiration: 30 days, 90 days, 1 year, or No expiration.
Click Generate.
Layer shows the token value once. Copy it immediately and store it in your password manager or the secret store of the integration you are connecting. Layer does not show the token value again after the modal closes.
If you lose the token value, revoke the token and generate a new one.
Naming tokens
The name is for your reference only. Tokens with descriptive names are easier to audit, especially if you have several integrations connected to the same Layer account. Suggested patterns:
Tool first, project second: "Power BI - Acme Tower"
Tool only when used across all projects: "Excel desktop"
Personal scripts identified by purpose: "Daily backup script"
Rename a token at any time without invalidating its value. The Revoke action is the only way to invalidate a token.
Expiration
Layer enforces the expiration on every request. After the expiration date, requests using the token return a 401 Unauthorized response. Generate a new token before the old one expires to avoid downtime in any integration that depends on it.
Tokens with No expiration remain valid until you revoke them. Use this option carefully, especially for tokens stored in shared environments. Most integrations work well with a 90-day or 1-year expiration paired with a calendar reminder to rotate.
Rotating a token
To rotate a token, generate a new token first, update the integration with the new value, and only then revoke the old token. Rotating in this order avoids any window where the integration is broken.
Revoking a token
Click Revoke next to a token to invalidate it immediately. Active requests with the token complete normally, but any new requests return 401. There is no way to undo a revocation; if you revoke a token by mistake, generate a new one and update the integration.
Revoke a token if:
The token may have been exposed (for example pasted into a public repository or a chat message).
The integration that used the token is decommissioned.
A team member with access to the token leaves the organization.
Tokens and project access
A token inherits the project access of the user who created it. If your role on a project changes, the token's access changes immediately. If you are removed from a project, requests against that project's data using the token start returning errors.
Tokens cannot be transferred between users. To replace one user's token with another user's token, generate a new token under the new user and update the integration.
Tokens and the legacy single-token model
Earlier versions of Layer issued a single API token per account. The personal API token model replaces that single token with named, individually managed tokens. If your account previously had a single token, that token continues to work until it expires or is revoked. Going forward, create new tokens through the Personal API Tokens flow.
Common integrations
The Layer API connects to a wide range of tools. Common ones include:
Power BI: pulls Layer data into BI dashboards
Excel and Google Sheets: pull tables for ad hoc analysis
The Layer MCP server: exposes Layer to AI agents through the Model Context Protocol
Custom Python, Node, or Zapier scripts: automate cross-system workflows
See the API article for full API documentation links and example guides.
Permissions
All Layer users can create personal API tokens. Token actions are scoped to the user that owns them; one user cannot view or revoke another user's tokens. Owners can audit which users have generated tokens by reviewing user account activity.