Hetzner API Token
NightOps requires a Hetzner Cloud API token to manage your servers.
Create an API Token
Step 1: Create a Project (if needed)
Hetzner API tokens are scoped to a project:
- Log in to Hetzner Cloud Console
- Select your project (or create a new one)
Step 2: Generate Token
- Go to Security → API Tokens
- Click Generate API Token
- Configure the token:
- Description:
NightOps Integration - Permissions: Select Read & Write
- Description:
- Click Generate API Token
- Copy the token immediately — it won't be shown again
Step 3: Add to NightOps
- Log in to your NightOps dashboard
- Go to Providers → Add Provider → Hetzner
- Paste your API token
- Click Test Connection
- Click Save Provider
Required Permissions
NightOps requires Read & Write permissions:
| Permission | Purpose |
|---|---|
| Read | List servers, check status |
| Write | Power off/on servers |
Multiple Projects
If you have servers in multiple Hetzner projects:
- Generate a token for each project
- Add each as a separate provider in NightOps
- Name them clearly (e.g., "Hetzner - Production", "Hetzner - Staging")
Token Security
Best Practices
- Create a dedicated token — Don't reuse tokens from other integrations
- Use project isolation — Separate production and staging into different projects
- Audit regularly — Review API token list and remove unused tokens
Token Rotation
To rotate your token:
- Generate a new token in Hetzner Cloud Console
- Update the token in NightOps (Settings → Providers → Edit)
- Test the connection
- Delete the old token in Hetzner
Troubleshooting
"Invalid Token"
- Verify the token was copied completely
- Check the token is for the correct project
- Ensure Read & Write permissions are enabled
"Server Not Found"
- Confirm the server is in the same project as the token
- Check the server hasn't been deleted
Rate Limiting
Hetzner's API rate limit is 3,600 requests/hour. NightOps operations stay well within this limit.