Glossary

What Is a Private Integration Token in GoHighLevel?

By Marnix Geerkens. Published 2026-05-28. Updated 2026-05-28.

A Private Integration Token in GoHighLevel is a long-lived API key scoped to a single sub-account that you use to authenticate direct API calls from your own scripts, tools, or integrations without needing the full OAuth flow.

In plain English

The GoHighLevel API requires authentication on every request. For published Marketplace Apps, authentication happens through OAuth 2.0 so each user grants access separately. For custom scripts you write yourself, or for one-off integrations, Private Integration Tokens are simpler.

You generate a Private Integration Token from the sub-account settings. It is a secret key tied to that specific sub-account. You include it in the Authorization header of your API requests. GoHighLevel authenticates the request and processes it with the permissions that token has been granted.

Private Integration Tokens do not expire unless you manually revoke them. This makes them convenient for long-running integrations, but it also means you should treat them like a password. Never share them publicly or commit them to a public code repository.

How it works

Go to a sub-account, open Settings, and find the Integrations or API section. Click to generate a new Private Integration Token. Copy it immediately. GoHighLevel will not show it again, though you can generate a new one if you lose it.

In your API calls, add the header: Authorization: Bearer YOUR_TOKEN_HERE. Every request authenticates automatically. You can test it with a curl command or in an API client like Postman before building your full integration.

Frequently asked questions