From acdb9a9c0bbcab97eba4c36c0d00235cc5f7452f Mon Sep 17 00:00:00 2001
From: Kelvin Oghenerhoro Omereshone <kelvin@fleetdm.com>
Date: Wed, 29 Jun 2022 20:07:07 +0100
Subject: [PATCH] docs: update doc to include how to get the API token (#6381)

---
 docs/Using-Fleet/fleetctl-CLI.md | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/docs/Using-Fleet/fleetctl-CLI.md b/docs/Using-Fleet/fleetctl-CLI.md
index 41a5828e1a..33f8181912 100644
--- a/docs/Using-Fleet/fleetctl-CLI.md
+++ b/docs/Using-Fleet/fleetctl-CLI.md
@@ -273,7 +273,37 @@ fleetctl user create --name "API User" --email api@example.com --password temp!p
 
 Now that your new user is all set up, you will need to log in with `fleetctl login`. You'll now be able to perform tasks using `fleetctl` as your new API-only user.
 
-> If you are using a version of Fleet older than `4.13.0`, you will need to [reset the API-only user's password](https://github.com/fleetdm/fleet/blob/a1eba3d5b945cb3339004dd1181526c137dc901c/docs/Using-Fleet/fleetctl-CLI.md#reset-the-password) before running queries. 
+> If you are using a version of Fleet older than `4.13.0`, you will need to [reset the API-only user's password](https://github.com/fleetdm/fleet/blob/a1eba3d5b945cb3339004dd1181526c137dc901c/docs/Using-Fleet/fleetctl-CLI.md#reset-the-password) before running queries.
+
+### Get the API token of an API-only user
+To get the API key of an API-only user, you need to call the Login API with the credentials that were supplied during user creation.
+
+For example say the credentials provided was `api@fleetdm.com` for the email and `foobar12345` for the password. You may call the [Log in API](https://fleetdm.com/docs/using-fleet/rest-api#log-in) like so:
+
+```sh
+curl --location --request POST 'https://myfleetdomain.com/api/v1/fleet/login' \
+--header 'Content-Type: application/json' \
+--data-raw '{
+    "email": "api@fleetdm.com",
+    "password": "foobar12345"
+}'
+```
+
+The [Log in API](https://fleetdm.com/docs/using-fleet/rest-api#log-in) will return a response similar to the one below with the API token included which will not expire.
+
+```json
+{
+    "user": {
+        "id": 82,
+        "name": "API User",
+        "email": "api@fleetdm.com",
+        "global_role": "observer",
+        "api_only": true
+    },
+    "available_teams": [],
+    "token": "foo_token"
+}
+```
 
 ### Switching users