> For the complete documentation index, see [llms.txt](https://developer.paddle.com/llms.txt).

# Programmatically create and manage client-side tokens

Use new client-side token API operations and webhooks to automate your frontend integrations with Paddle.

---

## What's new?

We've introduced new API operations and webhooks to create, fetch, list, and revoke client-side tokens, plus new webhook events to notify you when client-side tokens are created or revoked.

## How it works

[Paddle.js](https://developer.paddle.com/paddlejs/overview.md) is our client-side library used to integrate Paddle on the frontend. [Client-side tokens](https://developer.paddle.com/paddlejs/client-side-tokens.md) are the required method of authentication for Paddle.js. You provide client-side tokens when [initializing Paddle.js](https://developer.paddle.com/paddlejs/include-paddlejs.md).

Previously, you had to create and manage your client-side tokens through the dashboard. Now, you can [create](https://developer.paddle.com/api-reference/client-tokens/create-client-token.md), [fetch](https://developer.paddle.com/api-reference/client-tokens/get-client-token.md), [list](https://developer.paddle.com/api-reference/client-tokens/create-client-token.md), and [revoke](https://developer.paddle.com/api-reference/client-tokens/update-client-token.md) client-side tokens through the Paddle API, and [get notified with events](https://developer.paddle.com/webhooks/overview.md) when client-side tokens are [created](https://developer.paddle.com/webhooks/client-tokens/client-token-created.md) or [revoked](https://developer.paddle.com/webhooks/client-tokens/client-token-revoked.md) through the dashboard or the API.

Third-party integrations may also use these client-side token operations or webhooks to streamline your implementation of Paddle, support web payments through Paddle, or enable powerful new functionalities — like the [RevenueCat integration](https://www.revenuecat.com/integrations/revenuecat-paddle/). You can give API keys with **Client-side token (Read)** (`client_token.read`) and **Client-side token (Write)** (`client_token.write`) [permissions](https://developer.paddle.com/api-reference/about/permissions.md) to third-party integrations to enable these features.

{% callout type="info" %}
You should only grant these permissions if they're required. Not all integrations use Paddle.js or have features that use these operations and webhooks.
{% /callout %}

## Next steps

This change is available in version `1` of the Paddle API.

It's a non-breaking change, meaning it doesn't impact existing integrations. Permissions for existing API keys haven't been updated to include `client_token.read` or `client_token.write`.

Read more about [client-side tokens](https://developer.paddle.com/paddlejs/client-side-tokens.md) and [Paddle.js](https://developer.paddle.com/paddlejs/overview.md) to explore their capabilities, and more about [API keys](https://developer.paddle.com/api-reference/about/api-keys.md) and [permissions](https://developer.paddle.com/api-reference/about/permissions.md) to understand how to grant access to third-party apps safely.
## Summary of changes

| Name | Type | Change | Entity | Description |
| --- | --- | --- | --- | --- |
| POST Create a client-side token | API operation | added | Client tokens |  |
| PATCH Update a client-side token | API operation | added | Client tokens |  |
| GET List client-side tokens | API operation | added | Client tokens |  |
| GET Get a client-side token | API operation | added | Client tokens |  |
| `client_token.created` | Webhook | added | Client tokens |  |
| `client_token.updated` | Webhook | added | Client tokens |  |
| `client_token.revoked` | Webhook | added | Client tokens |  |
| `client_tokens.read` | Permission | added | API keys |  |
| `client_tokens.write` | Permission | added | API keys |  |