diff --git a/webadmin/src/views/tokens.html b/webadmin/src/views/tokens.html
index ee44f0a9b..34f2b9633 100644
--- a/webadmin/src/views/tokens.html
+++ b/webadmin/src/views/tokens.html
@@ -85,7 +85,35 @@
 
 <div class="section-header">
     <div class="text-left">
-        <h3>Application and API Access <button class="btn btn-primary btn-outline pull-right" ng-click="clientAdd.show()"><i class="fa fa-plus"></i> New API Client</button></h3>
+        <h3>API tokens</h3>
+    </div>
+</div>
+
+<!-- we will always at least have the webadmin token here, so activeClients always will have one entry with at least one token -->
+<div class="card">
+    <div class="grid-item-top">
+        <div class="row">
+            <div class="col-xs-12">
+                Use those tokens are for working with <a href="https://cloudron.io/references/api.html" target="_blank">https://cloudron.io/references/api.html</a>.<br/>
+                They have the <b>admin</b> <a href="https://cloudron.io/references/api.html#scopes" target="_blank">scope</a> attached and will not expire.
+                They are issued explicitly for the user who creates them, so they will return that users profile.
+                <br/>
+                <br/>
+                <h4 class="text-muted">Active Tokens <button class="btn btn-xs btn-primary btn-outline pull-right" ng-click="tokenAdd.show(apiClient)"><i class="fa fa-plus"></i> New Token</button></h4>
+                <hr/>
+                <p ng-repeat="token in apiClient.activeTokens">
+                    <b ng-click-select>{{ token.accessToken }}</b> <button class="btn btn-xs btn-danger pull-right" ng-click="removeToken(apiClient, token)" title="Revoke Token"><i class="fa fa-trash-o"></i></button>
+                </p>
+            </div>
+        </div>
+    </div>
+</div>
+
+<br/>
+
+<div class="section-header">
+    <div class="text-left">
+        <h3>Application and other API Access <button class="btn btn-xs btn-primary btn-outline pull-right" ng-click="clientAdd.show()"><i class="fa fa-plus"></i> New API Client</button></h3>
     </div>
 </div>
 
diff --git a/webadmin/src/views/tokens.js b/webadmin/src/views/tokens.js
index 3d261fdb3..596cc4e96 100644
--- a/webadmin/src/views/tokens.js
+++ b/webadmin/src/views/tokens.js
@@ -5,6 +5,7 @@ angular.module('Application').controller('TokensController', ['$scope', 'Client'
     $scope.config = Client.getConfig();
 
     $scope.activeClients = [];
+    $scope.apiClient = {};
     $scope.tokenInUse = null;
 
     $scope.clientAdd = {
@@ -146,6 +147,9 @@ angular.module('Application').controller('TokensController', ['$scope', 'Client'
             $scope.activeClients = activeClients;
 
             $scope.activeClients.forEach(refreshClientTokens);
+
+            $scope.activeClients = activeClients.filter(function (c) { return c.id !== 'cid-sdk'; });
+            $scope.apiClient = activeClients.filter(function (c) { return c.id === 'cid-sdk'; })[0];
         });
     }