# Lotus: API tokens
This guide explains how to generate new tokens for the Lotus APIs and what permissions can be attached to each of them.
# Obtaining tokens
Any client wishing to talk to the API endpoints (exposed by either the Lotus Node or the Lotus Miner), will need a token. Tokens can be obtained as follows.
For the Lotus Node:
lotus auth create-token --perm <read,write,sign,admin>
For the Lotus Miner:
lotus-miner auth create-token --perm <read,write,sign,admin>
Note that the Lotus daemon and/or the Lotus Miner need to be running in the background!
There are different permissions to choose from:
read- Read node state, no private data.
write- Write to local store / chain, and
sign- Use private keys stored in wallet for signing,
admin- Manage permissions,
# Default tokens
Notice how running
lotus auth create-token is actually triggering a request to the API exposed by the Lotus daemon running in the background. This request is no different but the Lotus application (as client) is using a default pre-generated API token that is available locally and located in
The same applies for