API tokens are special JSON web tokens (JWTs) that Mythic can create per-user that don't expire automatically. This allows you to do long-term scripting capabilities without having to periodically check if your current access-token is expired, going through the refresh process, and then continuing along with whatever you were doing.
They're located in your settings page (click your name in the top right and click settings).
When making a request with an API token, set the
apitokenwith a value of your API token. This is in contrast to normal JWT usage where the header is
Authorizationand the value is
Bearer: <token here>.