Where to Get the Plex Token?

All requests from Plex clients to a Plex server require a Plex authentication token. The Plex token is what determines if a user or device has been authorized to access the Plex server.

While most users won’t need to worry about or use the Plex token, if you wish to create an application or script that calls the Plex API commands, you will need to provide the X-Plex-Token value.

Table of contents

What is the Plex token?

Where to get the Plex token?

The Plex server token

The current user's token

Tokens for all users and devices

The Plex transient token

What can you do with the Plex token?

Regenerating a new claim token

The Plex claim token

What is the Plex token?

The Plex token is used to authenticate a device with your Plex server. When you are signed into your Plex Media Server, you are assigned a generated token. This token is used to authenticate your device with your Plex server. This replaces having to provide your user ID and password with each request you make to Plex.

The token we will be looking at in this article will be different for each device and Web browser you use to sign into Plex. For example, if you sign into Plex on two different browsers on the same system, each browser would have a different Plex token.

The good news is that you only need one token to use with the Plex API – as long as the token is valid. So once you sign into Plex, you can just grab the token and use it to access Plex.

So how do you get the Plex token, I’ll explain it in the next section.

Where to get the Plex token?

Once you are signed into your Plex Media Server as an admin, it is easy to get the Plex token. To get the token, use the following steps:

1. Open a Web browser and navigate to your Plex server and access the server using an ID that has full access to the server and click on any individual media item. Do not click on a collection.

   

2. With the item available, click the three dots to display a context menu, and then click the Get Info option.

   

3. The information window about the item will appear. In the lower-left corner, click the View XML link.

   

4. The XML data for the item will appear in the browser window. The Plex Token will be shown at the end (far right) of the URL.

   

Now that you have the token, you can copy it and use it within the Plex API commands to return information about the Plex server.

The steps outlined above can only be done by a Plex user with full access to the server, not from other accounts. This is because the Get Info and the View XML link are only visible to a user with full permissions.

The Plex server token

The above section discussed the Plex tokens that can be created to authenticate devices to Plex. There is also another token that authenticates your Plex server to your Plex account.

This server token is stored with the Plex settings and isn't readily available to be read. If you have access to your server, you can find the Plex token easily.

Location of the Plex server token

The Plex token for your server is stored in a location that is dependent on what operating system you use for your Plex server:

How to reset the server Plex token

While I don't recommend you do this or would have any reason to reset your server's authentication token, you can reset your Plex authentication token if you choose.

If you do reset your server's Plex authentication token, you will need to reclaim your Plex server for your Plex account.

To reset your server's Plex authentication token, you would need to do the following:

1. Log into your Plex server.
2. Open the settings location as described in the previous section.
3. Delete the following values from the settings:
   • PlexOnlineHome (this setting will only be available if you are using the Plex Home managed users feature.)
   • PlexOnlineMail
   • PlexOnlineToken
   • PlexOnlineUsername
4. Restart Plex, and then claim your server for your Plex.tv account.

An additional method is to remove the server from your Plex account, which will invalidate the token associated with that server.

Reclaiming your Plex server should have regenerated a new authentication token for your Plex server. The old authentication token is now invalid.

The current user's token

Each user is assigned a Plex token and that token is used to make requests to the Plex server. Getting the token for the currently logged in non-administrative user requires a bit more effort, but can be found. The reason it requires a bit more effort is because the "View XML" option is not available for non-administrative users.

Use the following steps to get the Plex token for the current user:

1. Open a Web browser and navigate to your Plex server and access the server and click on any individual media item. Do not click on a collection.

   

2. Open the Developer Tools for the Web browser. For Chrome, and Chromium browsers, and the Firefox browser, you would type F12 on most browsers. Click the Network tab.

   

3. With the item available, click the three dots to display a context menu, and then click the Get Info option.

   

4. The request for the Get Info will appear in the Network tab list. Click the request and the user's Plex token will appear in the Request URL value as the value of the X-Plex-Token parameter.

   

Tokens for all users and devices

To authenticate with Plex, all devices and users authorized on a Plex server have their own Plex token. The sections mentioned above explain ways of getting the administrative user's, server and current user tokens. This section will outline a method of getting all tokens for all users and devices.

You can by using the Plex server token outlined above, and the following steps:

1. Follow the steps outlined in The Plex server token section above to get the server token. Copy this token as it will be used in the next step.
2. In the address bar of a Web browser, enter the following URL:

   https://plex.tv/api/v2/server/access_tokens?auth_token=[server_token]

   Replace [server_token] with the token you found in step 1.
3. Press enter to have the browser request the URL and return XML data.

The XML data that is returned will list all devices authorized for your server along with their token (the token= contains the token for the device).

Below the device list are additional tokens that have a type server and then an invited element. Each token/invited pair is one user associated with your account.

The Plex token for that user is listed in the parent token element for the invited element associated with the user.

What happens if you need a new token? Perhaps the token has been misused, or others know of it. The next section will explain how you can invalidate tokens for your Plex server.

The Plex transient token

You can generate a temporary Plex transient token using the Transient Token API command. This token will have the same access level as the token used to make the API request.

Unlike a server or device Plex token, a transient token is valid for only 48 hours and will become invalid when the Plex server is restarted.

Most Plex server owners won't need to use a transient token, but if you are in need of a token that will have a limited lifetime or would like a token you can invalidate when needed, then you can use a generated transient token.

What can you do with the Plex token?

The Plex token assigned to a device that can access Plex can be used for a few functions. The first was mentioned earlier: to access the Plex Media Server API commands.

Each Plex API command requires the Plex token to be provided for authentication. When a valid token is provided, the user can get information about the Plex server. An invalid token will return an unauthorized error.

A second function that can be used is to download the latest Plex version from the online Plex server. The Plex Server Auto Updater is a tool used to update Plex when it is run as a Windows service, reads the token from the registry, and uses it to download the latest version of Plex Media Server.

Regenerating a new claim token

You may need to make the tokens associated with your Plex server invalid. Since they are used to authenticate to your server, you may have found one that is being misused. Making your tokens invalid isn’t something most users will need to do – I haven’t had a need myself, but the option is available.

To invalidate all the tokens associated with your Plex instance, do the following:

1. Open a Web browser and navigate to your Plex account profile.
2. Click the Edit link next to the Password option.
3. After filling in the new password fields and the current password, check the Sign out connected devices after password change checkbox.

After performing the above steps, all tokens previously associated with your account will now be invalid. This means that all servers and clients will no longer be connected to your Plex account. You will need to claim your Plex server to have it associated with your account.

The above sections talked about what is the Plex token, where to get the Plex token, and how to make the tokens associated with your account invalid. While most users of Plex won’t have a need for the Plex token, it is available if you would like to do more with your server.

The Plex claim token

In addition to the Plex token, there is a second token that is used to claim a Plex server. This token is called the claim token.

When you claim a server, a request is sent to plex.tv to generate a claim token. The response from that request is the actual token. The request includes your Plex token, which means the claim token is tied to your account.

That claim token is then sent to the Plex server during the Plex claim request to indicate the server is to be associated with your account.

This is the only time you will need the claim token as it isn't used with communication with either your Plex server or plex.tv after it is used to claim a server.

For more information on the claim token can be found by reading Claim your Plex server using the API.