---
title: chronoctl token
description: The token command reads a private token file, generates and signs the nonce, and then returns an expiring token to be used in the Authorization header.
url: https://docs.influxdata.com/chronograf/v1/tools/chronoctl/token/
estimated_tokens: 575
product: Chronograf
version: v1
---

# chronoctl token

The `token` command reads a private token file, generates and signs the nonce, and then returns an expiring token to be used in the `Authorization` header. For example:

```sh
Authorization: CHRONOGRAF-SHA256 <returned-expiring-token>
```

## Usage

```
chronoctl token [flags]
```

## Flags

| Flag |  | Description | Env. Variable |
| --- | --- | --- | --- |
| -h | --help | Output command help |  |
|  | --chronograf-url | Chronograf’s URL (default is http://localhost:8888) | CHRONOGRAF_URL |
| -k | --skip-verify | Skip TLS certification verification |  |
|  | --priv-key-file | Private key file location for superadmin token authentication | PRIV_KEY_FILE |

## Examples

The following example uses the RSA key used when started the Chronograf server and returns an expiring token that can be used to gain superadmin access to Chronograf.

The private key must correspond to the public key used when starting the Chronograf server.

```sh
chronoctl token --priv-key-file /path/to/chronograf-rsa
```