diff --git a/admin/api_settings.php b/admin/api_settings.php
index 288305be..f6a16102 100644
--- a/admin/api_settings.php
+++ b/admin/api_settings.php
@@ -145,7 +145,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     $userRs = hesk_dbQuery("SELECT `id`, `user`, `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `active` = '1'");
                     while ($row = hesk_dbFetchAssoc($userRs)) {
                         $row['number_of_tokens'] = 0;
-                        $users[$row['user']] = $row;
+                        $users[$row['id']] = $row;
                     }
                     $tokensRs = hesk_dbQuery("SELECT `user_id`, 1 FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "user_api_tokens`");
                     while ($row = hesk_dbFetchAssoc($tokensRs)) {
@@ -168,7 +168,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                         <tr>
                             <td><?php echo $row['user']; ?></td>
                             <td><?php echo $row['name']; ?></td>
-                            <td><?php echo $row['number_of_tokens']; ?></td>
+                            <td id="token-<?php echo $row['id']; ?>-count"><?php echo $row['number_of_tokens']; ?></td>
                             <td>
                                 <span class="btn-group">
                                     <button class="btn btn-default btn-xs" onclick="generateToken(<?php echo $row['id']; ?>)">
@@ -188,6 +188,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                                 </span>
                             </td>
                         </tr>
+                        <tr>
+                            <td colspan="4" id="token-<?php echo $row['id']; ?>-created" class="success hide">
+                                Generated Token: <code class="token"></code>
+                                <p><b>NOTE:</b> Please record this token, as this is the only time you will be able to view it!</p>
+                            </td>
+                        </tr>
                         <?php
                         endforeach;
                         ?>
diff --git a/internal-api/admin/api-authentication/index.php b/internal-api/admin/api-authentication/index.php
index 8335cbec..cb6189f7 100644
--- a/internal-api/admin/api-authentication/index.php
+++ b/internal-api/admin/api-authentication/index.php
@@ -21,10 +21,17 @@ if ($request_method == 'POST') {
     }
 
     if ($action == 'generate') {
-        $hash = hash("sha512", time());
+        $token = '';
+        $letter_array = ['0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'];
+        // Pick 32 random characters. That will be the hash
+        for ($i = 0; $i < 32; $i++) {
+            $letter = $letter_array[rand(0, 15)];
+            $token .= $letter;
+        }
+        $hash = hash("sha512", $token);
         store_token($user_id, $hash, $hesk_settings);
 
-        output($hash);
+        output($token);
         return http_response_code(200);
     } elseif ($action == 'reset') {
         //TODO
diff --git a/internal-api/dao/api_authentication_dao.php b/internal-api/dao/api_authentication_dao.php
index 67649ed8..109e52e4 100644
--- a/internal-api/dao/api_authentication_dao.php
+++ b/internal-api/dao/api_authentication_dao.php
@@ -1,5 +1,7 @@
 <?php
 
 function store_token($user_id, $token_hash, $hesk_settings) {
-    //TODO
+    $sql = "INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "user_api_tokens` (`user_id`, `token`)
+        VALUES ('" . hesk_dbEscape($user_id) . "', '" . hesk_dbEscape($token_hash) . "')";
+    hesk_dbQuery($sql);
 }
\ No newline at end of file
diff --git a/internal-api/js/api-settings.js b/internal-api/js/api-settings.js
index a8be7ada..67931e27 100644
--- a/internal-api/js/api-settings.js
+++ b/internal-api/js/api-settings.js
@@ -78,9 +78,14 @@ function generateToken(userId) {
         data: data,
         method: 'POST',
         success: function (data) {
+            $('#token-' + userId + '-created > .token').text(data);
+            $('#token-' + userId + '-created').removeClass('hide');
             markSuccess('token-' + userId);
+            var oldNumberOfTokens = parseInt($('#token-' + userId + '-count').text());
+            $('#token-' + userId + '-count').text(++oldNumberOfTokens);
         },
         error: function (data) {
+            console.error(data);
             markFailure('token-' + userId);
         }
     });
