DigitalOcean API Token
NightOps requires a DigitalOcean Personal Access Token to manage your resources.
Create an API Token
Step 1: Generate Token
- Log in to your DigitalOcean Control Panel
- Go to API → Tokens/Keys
- Click Generate New Token
- Configure the token:
- Token name:
NightOps Integration - Expiration: Choose based on your security policy (or "No expiry")
- Scopes: Select Read and Write
- Token name:
- Click Generate Token
- Copy the token immediately — it won't be shown again
Step 2: Add to NightOps
- Log in to your NightOps dashboard
- Go to Providers → Add Provider → DigitalOcean
- Paste your API token
- Click Test Connection
- Click Save Provider
Required Scopes
NightOps requires both Read and Write scopes to:
| Scope | Purpose |
|---|---|
| Read | List Droplets, databases, Kubernetes clusters |
| Write | Power off/on Droplets, resize databases, scale node pools |
Token Security
Best Practices
- Create a dedicated token — Don't reuse tokens from other integrations
- Set expiration — Use a reasonable expiration and rotate regularly
- Audit usage — Review API access in DigitalOcean's Activity Log
Token Rotation
To rotate your token:
- Generate a new token in DigitalOcean
- Update the token in NightOps (Settings → Providers → Edit)
- Test the connection
- Delete the old token in DigitalOcean
Troubleshooting
"Invalid Token"
- Verify the token was copied completely
- Check the token hasn't expired
- Confirm both Read and Write scopes are enabled
"Forbidden" Errors
- Ensure Write scope is enabled
- Verify the token owner has access to the resources
Rate Limiting
DigitalOcean rate limits API requests to 5,000/hour. NightOps operations are well within this limit for normal usage.