How to Get the Plex Token
All requests from Plex clients to a Plex server require a Plex authentication token. The Plex token is what determines if a user or device has been authorized to access the Plex server.
While most users won’t need to worry about or use the Plex token, if you wish to create an application or script that calls the Plex API commands, you will need to provide a Plex token.
What is the Plex token?
The Plex token is used to authenticate a device with your Plex server. When you are signed into your Plex Media Server, the device you using is assigned a token.
The device token is used to make requests to the Plex server.
Each device you sign into with your account will receive a different token. For example, if you sign into Plex on two different browsers on the same system, each browser would have a different Plex token.
The good news is that you only need one token to use with the Plex API – as long as the token is valid. So once you sign into Plex, you can just grab the token and use it to access Plex.
There are multiple tokens used by Plex, as well as multiple ways of getting a Plex token.
There are several different tokens used by Plex Media Server. The table below lists the different tokens:
Token | Description |
---|---|
Server token | The token associated with a Plex server. This is a token that can be used to manage the Plex server. |
Device token | This token is assigned to a device used by a server administrator. |
User token | The token associated with a managed user on a Plex server. |
Claim token | This token is used to claim a server. |
Transient token | A temporary token that can be generated with the same permissions as another token. |
The next few sections will explain the different Plex tokens and how to get each of them.
The server token
Each server you have associated with your Plex account is assigned a token. This token should be considered the administrative token, if that were a thing, as it can be used with any API request to the Plex server.
If you know the token for a Plex server, you can do anything on that server.
This server token is stored with the Plex settings and is only available by directly accessing your Plex server. If you have access to your server, you can find the Plex token easily.
Location of the server token
The Plex token for your server is stored in a location that is dependent on what operating system you use for your Plex server:
Operating System | Location |
---|---|
Windows | HKEY_CURRENT_USER\Software\Plex, Inc.\Plex Media Server Value: PlexOnlineToken |
MacOS | ~/Library/Preferences/com.plexapp.plexmediaserver.plist Key: PlexOnlineToken |
Linux | $PLEX_HOME/Library/Application Support/Plex Media Server/Preferences.xml Value: PlexOnlineToken |
Debian, Fedora, Ubuntu, and CentOS | /var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Preferences.xml Value: PlexOnlineToken |
How to reset the server token
While you shouldn't need to reset your Plex server token often, you can do so easily if you have direct access to your server.
If you do reset your server's Plex authentication token, you will need to reclaim your Plex server for your Plex account.
To reset your server's Plex authentication token, you would need to do the following:
- Log into your Plex server.
- Open the settings location as described in the previous section.
- Delete the following values from the settings:
- PlexOnlineHome (this setting will only be available if you are using the Plex Home managed users feature.)
- PlexOnlineMail
- PlexOnlineToken
- PlexOnlineUsername
- Restart Plex, and then claim your server for your Plex.tv account.
An additional method is to remove the server from your Plex account, which will invalidate the token associated with that server.
Reclaiming your Plex server should have regenerated a new authentication token for your Plex server. The old authentication token is now invalid.
The device token
Once you are signed into your Plex Media Server as an admin, it is easy to get the Plex token for the current device. To get the token, use the following steps:
- Open a Web browser and then navigate to your Plex server. Use you Plex administrator account and then click on any individual media item. Do not click on a collection.
- With the item available, click the three dots to display a context menu, and then click the Get Info option.
- The information window about the item will appear. In the lower-left corner, click the View XML link.
- The XML data for the item will appear in the browser window. The Plex Token will be shown at the end (far right) of the URL.
Now that you have the token, you can copy it and use it within the Plex API commands to return information about the Plex server.
The steps outlined above can only be done by a Plex user with full access to the server, not from other user accounts. This is because the Get Info and the View XML link are only visible to a user with full permissions.
The current user's token
Each user is assigned a Plex token and that token is used to make requests to the Plex server. Getting the token for the currently logged-in non-administrative user requires a bit more effort, but can be found.
The reason it requires a bit more effort is because the "View XML" option is not available for non-administrative users.
If you are logged in as an administrator, then the following steps will get the device token, which is the same token you get when following the steps in the previous section.
Use the following steps to get the Plex token for the current user:
- Open a Web browser and then navigate to your Plex server and click on any individual media item. Do not click on a collection.
- Open the Developer Tools for the Web browser. For Chrome, and Chromium browsers, and the Firefox browser, you would type F12 on most browsers. Click the Network tab.
- With the item available, click the three dots to display a context menu, and then click the Get Info option.
- The request for the Get Info will appear in the Network tab list. Click the request and the user's Plex token will appear in the Request URL value as the value of the X-Plex-Token parameter.
All tokens
To authenticate with Plex, all devices and users authorized on a Plex server have their own Plex token.
By using the Plex server token, you can send a request to plex.tv to get tokens for all users and devices authorized to access your Plex server.
To get all tokens authorized to access your Plex server, use the following steps:
- Follow the steps outlined in The Plex server token section above to get the server token. Copy this token as it will be used in the next step.
- In the address bar of a Web browser, enter the following URL:
https://plex.tv/api/v2/server/access_tokens?auth_token={server_token}
Replaceserver_token
with the token you found in step 1. - Press enter to have the browser request the URL and return XML data.
The XML data that is returned will list all devices authorized for your server along with their token (the token=
contains the token for the device).
Below the device list are additional tokens that have a type server
and then an invited
element. Each token/invited
pair is one user associated with your account.
The Plex token for that user is listed in the parent token
element for the invited
element associated with the user.
The claim token
In addition to the Plex token, there is a second token that is used to claim a Plex server. This token is called the claim token.
When you claim a server, a request is sent to plex.tv to generate a claim token. The response from that request is the actual token. The request includes your Plex token, which means the claim token is tied to your account.
That claim token is then sent to the Plex server during the Plex claim request to indicate the server is to be associated with your account.
This is the only time you will need the claim token as it isn't used to communicate with either your Plex server or plex.tv after it is used to claim a server.
For more information on the claim token can be found by reading Claim your Plex server using the API.
Invalidate all tokens
You may need to make the tokens associated with your Plex server invalid. Since they are used to authenticate to your server, you may have found one that is being misused.
Making your tokens invalid isn’t something most users will need to do very often but the option is available.
To invalidate all the tokens associated with your Plex instance, do the following:
- Open a Web browser and navigate to your Plex account profile.
- Click the Edit link next to the Password option.
- After filling in the new password fields and the current password, check the Sign out connected devices after password change checkbox.
After performing the above steps, all tokens previously associated with your account will now be invalid. This means that all servers and clients will no longer be connected to your Plex account. You will need to claim your Plex server to have it associated with your account.
The transient token
You can generate a temporary Plex transient token using the Transient Token API command. This token will have the same access level as the token used to make the API request.
Unlike a server or device Plex token, a transient token is valid for only 48 hours. Restarting the Plex server will also cause the transient token to become invalid.
Most Plex server owners won't need to use a transient token, but if you need a token that will have a limited lifetime or would like a token you can invalidate when needed, then you can use a generated transient token.
The above sections talked about what is the Plex token, where to get the Plex token, and how to make the tokens associated with your account invalid. While most users of Plex won’t need the Plex token, it is available if you would like to do more with your server.
What can you do with a Plex token?
The Plex token assigned to a device that can access your Plex server can be used for a few functions. The first was mentioned earlier: to access the Plex Media Server API commands.
Each Plex API command requires the Plex token to be provided for authentication. When a valid token is provided, the user can get information about the Plex server. An invalid token will return an unauthorized error.
A second function that can be used is to download the latest Plex version. The Plex Server Auto Updater is a tool used to update Plex when it is run as a Windows service. It reads the token from the Windows registry and uses it to download the latest version of Plex Media Server.