diff --git a/src/js/index.js b/src/js/index.js
index 9fed217b4..48e278ffd 100644
--- a/src/js/index.js
+++ b/src/js/index.js
@@ -159,9 +159,6 @@ app.config(['$routeProvider', function ($routeProvider) {
     }).when('/system', {
         controller: 'SystemController',
         templateUrl: 'views/system.html?<%= revision %>'
-    }).when('/tokens', {
-        controller: 'TokensController',
-        templateUrl: 'views/tokens.html?<%= revision %>'
     }).otherwise({ redirectTo: '/'});
 }]);
 
diff --git a/src/views/tokens.html b/src/views/tokens.html
deleted file mode 100644
index 5a7fcac46..000000000
--- a/src/views/tokens.html
+++ /dev/null
@@ -1,197 +0,0 @@
-
-<!-- Modal add client -->
-<div class="modal fade" id="clientAddModal" tabindex="-1" role="dialog">
-    <div class="modal-dialog">
-        <div class="modal-content">
-            <div class="modal-header">
-                <h4 class="modal-title">Add OAuth Client</h4>
-            </div>
-            <div class="modal-body">
-                <form name="clientAddForm" role="form" novalidate ng-submit="clientAdd.submit()" autocomplete="off">
-                    <div class="form-group" ng-class="{ 'has-error': (clientAddForm.name.$dirty && clientAddForm.name.$invalid) || (!clientAddForm.name.$dirty && clientAdd.error.name) }">
-                        <label class="control-label">Application name</label>
-                        <div class="control-label" ng-show="(!clientAddForm.name.$dirty && clientAdd.error.name) || (clientAddForm.name.$dirty && clientAddForm.name.$invalid)">
-                            <small ng-show="clientAddForm.name.$error.required">A name is required</small>
-                            <small ng-show="!clientAddForm.name.$dirty && clientAdd.error.name">{{ clientAdd.error.name }}</small>
-                        </div>
-                        <input type="text" class="form-control" ng-model="clientAdd.name" name="name" id="clientAddName" required autofocus>
-                    </div>
-                    <div class="form-group" ng-class="{ 'has-error': (clientAddForm.redirectURI.$dirty && clientAddForm.redirectURI.$invalid) || (!clientAddForm.redirectURI.$dirty && clientAdd.error.redirectURI) }">
-                        <label class="control-label">Authorization callback URL</label>
-                        <div class="control-label" ng-show="!clientAddForm.redirectURI.$dirty && clientAdd.error.redirectURI">
-                            <small ng-show="!clientAddForm.redirectURI.$dirty && clientAdd.error.redirectURI">{{ clientAdd.error.redirectURI }}</small>
-                        </div>
-                        <input type="text" class="form-control" ng-model="clientAdd.redirectURI" name="redirectURI" id="clientAddRedirectURI" required>
-                    </div>
-                    <div class="form-group" ng-class="{ 'has-error': (clientAddForm.scope.$dirty && clientAddForm.scope.$invalid) || (!clientAddForm.scope.$dirty && clientAdd.error.scope) }">
-                        <label class="control-label">Scope</label>
-                        <div class="control-label" ng-show="(!clientAddForm.scope.$dirty && clientAdd.error.scope) || (clientAddForm.scope.$dirty && clientAddForm.scope.$invalid)">
-                            <small ng-show="clientAddForm.scope.$error.required">A scope is required</small>
-                            <small ng-show="!clientAddForm.scope.$dirty && clientAdd.error.scope">{{ clientAdd.error.scope }}</small>
-                        </div>
-                        <input type="text" class="form-control" ng-model="clientAdd.scope" name="scope" id="clientAddScope" placeholder="Specify any number of scope separated by a comma ','" required>
-                    </div>
-                    <input class="hide" type="submit" ng-disabled="clientAddForm.$invalid || clientAdd.busy"/>
-                </form>
-            </div>
-            <div class="modal-footer">
-                <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
-                <button type="button" class="btn btn-success" ng-click="clientAdd.submit()" ng-disabled="clientAddForm.$invalid || clientAdd.busy"><i class="fa fa-circle-notch fa-spin" ng-show="clientAdd.busy"></i> Add OAuth Client</button>
-            </div>
-        </div>
-    </div>
-</div>
-
-<!-- Modal remove client -->
-<div class="modal fade" id="clientRemoveModal" tabindex="-1" role="dialog">
-    <div class="modal-dialog">
-        <div class="modal-content">
-            <div class="modal-header">
-                <h4 class="modal-title">Remove OAuth Client</h4>
-            </div>
-            <div class="modal-body">
-                <p>
-                    Removing client <b>{{ clientRemove.client.appId }}</b> will also remove all access from scripts and apps using those credentials.
-                    You may want to consult the other Cloudron admins first.
-                </p>
-            </div>
-            <div class="modal-footer">
-                <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
-                <button type="button" class="btn btn-danger" ng-click="clientRemove.submit()" ng-disabled="clientRemove.busy"><i class="fa fa-circle-notch fa-spin" ng-show="clientRemove.busy"></i> Remove OAuth Client</button>
-            </div>
-        </div>
-    </div>
-</div>
-
-<!-- Modal add token -->
-<div class="modal fade" id="tokenAddModal" tabindex="-1" role="dialog">
-    <div class="modal-dialog">
-        <div class="modal-content">
-            <div class="modal-header">
-                <h4 class="modal-title">Create API token</h4>
-            </div>
-            <div class="modal-body">
-                <div ng-hide="tokenAdd.token.accessToken">
-                    <form name="tokenAddForm" role="form" novalidate ng-submit="tokenAdd.submit()" autocomplete="off">
-                    <div class="form-group" ng-class="{ 'has-error': (tokenAddForm.tokenName.$dirty && tokenAddForm.tokenName.$invalid) || (!tokenAddForm.tokenName.$dirty && tokenAdd.error.tokenName)}">
-                        <label class="control-label">Token name</label>
-                        <div class="control-label" ng-show="(!tokenAddForm.tokenName.$dirty && tokenAdd.error.tokenName) || (tokenAddForm.tokenName.$dirty && tokenAddForm.tokenName.$invalid)">
-                        <small ng-show="tokenAddForm.tokenName.$error.required">A token name is required</small>
-                        <small ng-show="(tokenAddForm.tokenName.$dirty && tokenAddForm.tokenName.$invalid) && !tokenAddForm.tokenName.$error.required">This token name is not valid</small>
-                        <small ng-show="!tokenAddForm.email.$dirty && tokenAdd.error.tokenName">{{ tokenAdd.error.tokenName }}</small>
-                        </div>
-                        <input type="text" class="form-control" ng-model="tokenAdd.tokenName" id="inputTokenAddName" name="tokenName" required autofocus>
-                    </div>
-                    <input class="ng-hide" type="submit" ng-disabled="tokenAddForm.$invalid"/>
-                    </form>
-                </div>
-
-                <div ng-show="tokenAdd.token.accessToken">
-                    Use the following token to authenticate against the <a href="https://cloudron.io/developer/api/" target="_blank">Cloudron API</a>:
-                    <br/>
-                    <b ng-click-select>{{ tokenAdd.token.accessToken }}</b>
-
-                    <br/>
-                    <br/>
-                    <p>Please copy the token now. It won't be shown again for security purposes.</p>
-                </div>
-            </div>
-            <div class="modal-footer">
-                <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
-                <button type="button" class="btn btn-success" ng-click="tokenAdd.submit()" ng-hide="tokenAdd.token.accessToken" ng-disabled="tokenAddForm.$invalid || tokenAdd.busy">
-                    <i class="fa fa-circle-notch fa-spin" ng-show="tokenAdd.busy"></i> Generate Token
-                </button>
-            </div>
-        </div>
-    </div>
-</div>
-
-<div class="content">
-    <div class="text-left">
-        <h3>API Tokens <button class="btn btn-primary btn-sm pull-right" ng-click="tokenAdd.show(apiClient)"><i class="fa fa-plus"></i> New Token</button></h3>
-    </div>
-
-    <!-- we will always at least have the webadmin token here, so activeClients always will have one entry with at least one token -->
-    <div class="card">
-        <div class="grid-item-top">
-            <div class="row">
-            <div class="col-xs-12">
-                <p>These tokens can be used to access the <a ng-href="{{ config.webServerOrigin + '/developer/api/' }}" target="_blank">Cloudron API</a>.</p>
-                <table class="table table-hover">
-                <thead>
-                    <tr>
-                    <th style="width:70%">Name</th>
-                    <th style="width: 5%" class="text-right">Actions</th>
-                    </tr>
-                </thead>
-                <tbody>
-                    <tr ng-repeat="token in apiClient.activeTokens">
-                    <td class="text-left elide-table-cell">
-                        {{ token.name || '-' }}
-                    </td>
-                    <td class="text-right no-wrap" style="vertical-align: bottom">
-                        <button class="btn btn-xs btn-danger pull-right" ng-click="removeToken(apiClient, token)" title="Revoke Token"><i class="far fa-trash-alt"></i></button>
-                    </td>
-                    </tr>
-                </tbody>
-                </table>
-            </div>
-            </div>
-        </div>
-    </div>
-
-    <br/>
-
-    <div class="text-left">
-        <h3>OAuth Apps<button class="btn btn-xs btn-primary btn-outline pull-right" ng-click="clientAdd.show()"><i class="fa fa-plus"></i> New OAuth Client</button></h3>
-    </div>
-
-    <!-- we will always at least have the webadmin token here, so activeClients always will have one entry with at least one token -->
-    <div class="card" ng-repeat="client in activeClients | activeOAuthClients:user">
-        <div class="grid-item-top">
-            <div class="row">
-                <div class="col-xs-12">
-                    <h4 class="text-muted">
-                        {{client.name}} <span ng-show="client.type !== 'external' && client.type !== 'built-in'">on {{client.domain}}</span>
-                    </h4>
-                </div>
-            </div>
-            <div class="row">
-                <div class="col-xs-12">
-                    <div class="row">
-                        <div class="col-xs-12">
-                            <b>{{ client.activeTokens.length }}</b> active token(s).
-                            <br/>
-                            <a href="" data-toggle="collapse" data-parent="#accordion" data-target="#collapse{{client.id}}">Advanced</a>
-                            <div id="collapse{{client.id}}" class="panel-collapse collapse">
-                                <div class="panel-body">
-                                    <h4 class="text-muted">Credentials <button class="btn btn-xs btn-danger pull-right" ng-click="clientRemove.show(client)" title="Remove OAuth Client" ng-show="client.type === 'external'">Remove OAuth Client</button></h4>
-                                    <hr/>
-                                    <p>Scope: <b ng-click-select>{{ client.scope }}</b></p>
-                                    <p>RedirectURI: <b ng-click-select>{{ client.redirectURI }}</b></p>
-                                    <p>Client ID: <b ng-click-select>{{ client.id }}</b></p>
-                                    <p ng-show="client.clientSecret" style="overflow: auto; white-space: nowrap;">Client Secret: <b ng-click-select>{{ client.clientSecret }}</b></p>
-
-                                    <br/>
-
-                                    <h4 class="text-muted">Tokens
-                                        <div class="pull-right">
-                                            <button class="btn btn-xs btn-default" ng-click="removeAccessTokens(client)" ng-disabled="!client.activeTokens.length || client.busy"><i class="fa fa-circle-notch fa-spin" ng-show="client.busy"></i> Revoke All</button>
-                                            <button class="btn btn-xs btn-primary btn-outline" ng-click="tokenAdd.show(client)"><i class="fa fa-plus"></i> New Token</button>
-                                        </div>
-                                    </h4>
-
-                                    <hr/>
-
-                                    <p ng-repeat="token in client.activeTokens">
-                                        <b ng-click-select>{{ token.name || token.id }}</b> <button class="btn btn-xs btn-danger pull-right" ng-click="removeToken(client, token)" title="Revoke Token"><i class="far fa-trash-alt"></i></button>
-                                    </p>
-                                </div>
-                            </div>
-                        </div>
-                    </div>
-                </div>
-            </div>
-        </div>
-    </div>
-</div>
diff --git a/src/views/tokens.js b/src/views/tokens.js
deleted file mode 100644
index 324aab4ba..000000000
--- a/src/views/tokens.js
+++ /dev/null
@@ -1,197 +0,0 @@
-'use strict';
-
-/* global angular:false */
-/* global $:false */
-
-angular.module('Application').controller('TokensController', ['$scope', '$location', 'Client', function ($scope, $location, Client) {
-    Client.onReady(function () { if (!Client.getUserInfo().admin) $location.path('/'); });
-
-    $scope.user = Client.getUserInfo();
-    $scope.config = Client.getConfig();
-
-    $scope.activeClients = [];
-    $scope.apiClient = {};
-
-    $scope.clientAdd = {
-        busy: false,
-        error: {},
-        name: '',
-        scope: '',
-        redirectURI: '',
-
-        show: function () {
-            $scope.clientAdd.busy = false;
-
-            $scope.clientAdd.error = {};
-            $scope.clientAdd.name = '';
-            $scope.clientAdd.scope = 'profile';
-            $scope.clientAdd.redirectURI = '';
-
-            $scope.clientAddForm.$setUntouched();
-            $scope.clientAddForm.$setPristine();
-
-            $('#clientAddModal').modal('show');
-        },
-
-        submit: function () {
-            $scope.clientAdd.busy = true;
-            $scope.clientAdd.error = {};
-
-            var CLIENT_REDIRECT_URI_FALLBACK = Client.apiOrigin || location.origin;
-
-            Client.createOAuthClient($scope.clientAdd.name, $scope.clientAdd.scope, $scope.clientAdd.redirectURI || CLIENT_REDIRECT_URI_FALLBACK, function (error) {
-                $scope.clientAdd.busy = false;
-
-                if (error && error.statusCode === 400) {
-                    if (error.message.indexOf('redirectURI must be a valid uri') === 0) {
-                        $scope.clientAdd.error.redirectURI = error.message;
-                        $scope.clientAddForm.redirectURI.$setPristine();
-                        $('#clientAddRedirectURI').focus();
-                    } else if (error.message.indexOf('Username can only contain alphanumerals and dash') === 0) {
-                        $scope.clientAdd.error.name = error.message;
-                        $scope.clientAddForm.name.$setPristine();
-                        $('#clientAddName').focus();
-                    } else if (error.message.indexOf('Invalid scope') === 0) {
-                        $scope.clientAdd.error.scope = error.message;
-                        $scope.clientAddForm.scope.$setPristine();
-                        $('#clientAddScope').focus();
-                    } else {
-                        console.error(error);
-                    }
-                    return;
-                } else if (error) return console.error('Unable to create API client.', error.statusCode, error.message);
-
-                refresh();
-
-                $('#clientAddModal').modal('hide');
-            });
-        }
-    };
-
-    $scope.clientRemove = {
-        busy: false,
-        client: {},
-
-        show: function (client) {
-            $scope.clientRemove.busy = false;
-            $scope.clientRemove.client = client;
-            $('#clientRemoveModal').modal('show');
-        },
-
-        submit: function () {
-            $scope.clientRemove.busy = true;
-
-            Client.delOAuthClient($scope.clientRemove.client.id, function (error) {
-                $scope.clientRemove.busy = false;
-                if (error) return console.error(error);
-
-                $scope.clientRemove.client = {};
-
-                refresh();
-
-                $('#clientRemoveModal').modal('hide');
-            });
-        }
-    };
-
-
-    $scope.tokenAdd = {
-        token: {},
-        tokenName: '',
-        busy: false,
-        error: {},
-        client: null,
-
-        reset: function () {
-            $scope.tokenAdd.busy = false;
-            $scope.tokenAdd.token = {};
-            $scope.tokenAdd.error.tokenName = null;
-            $scope.tokenAdd.tokenName = '';
-            $scope.tokenAdd.client = null;
-
-            $scope.tokenAddForm.$setUntouched();
-            $scope.tokenAddForm.$setPristine();
-        },
-
-        show: function (client) {
-            $scope.tokenAdd.reset();
-            $scope.tokenAdd.client = client;
-            $('#tokenAddModal').modal('show');
-        },
-
-        submit: function () {
-            $scope.tokenAdd.busy = true;
-            $scope.tokenAdd.token = {};
-
-            var expiresAt = Date.now() + 100 * 365 * 24 * 60 * 60 * 1000;   // ~100 years from now
-
-            Client.createTokenByClientId($scope.tokenAdd.client.id, '*' /* scope */, expiresAt, $scope.tokenAdd.tokenName, function (error, result) {
-                if (error) {
-                    if (error.statusCode === 400) {
-                        $scope.tokenAdd.error.tokenName = 'Invalid token name';
-                        $scope.tokenAddForm.tokenName.$setPristine();
-                        $('#inputTokenAddName').focus();
-                    } else {
-                        console.error('Unable to create token.', error);
-                    }
-                    return;
-                }
-
-                $scope.tokenAdd.busy = false;
-                $scope.tokenAdd.token = result;
-
-                refreshClientTokens($scope.tokenAdd.client);
-            });
-        }
-    };
-
-    $scope.removeToken = function (client, token) {
-        Client.delToken(client.id, token.id, function (error) {
-            if (error) console.error(error);
-
-            refreshClientTokens(client);
-        });
-    };
-
-    $scope.removeAccessTokens = function (client) {
-        client.busy = true;
-
-        Client.delTokensByClientId(client.id, function (error) {
-            if (error) console.error(error);
-
-            client.busy = false;
-
-            refreshClientTokens(client);
-        });
-    };
-
-    function refreshClientTokens(client) {
-        Client.getTokensByClientId(client.id, function (error, result) {
-            if (error) console.error(error);
-
-            client.activeTokens = result || [];
-        });
-    }
-
-    function refresh() {
-        Client.getOAuthClients(function (error, activeClients) {
-            if (error) return console.error(error);
-
-            activeClients.forEach(refreshClientTokens);
-
-            $scope.activeClients = activeClients.filter(function (c) { return c.id !== 'cid-sdk'; });
-            $scope.apiClient = activeClients.filter(function (c) { return c.id === 'cid-sdk'; })[0];
-        });
-    }
-
-    Client.onReady(refresh);
-
-    // setup all the dialog focus handling
-    ['clientAddModal', 'tokenAddModal'].forEach(function (id) {
-        $('#' + id).on('shown.bs.modal', function () {
-            $(this).find("[autofocus]:first").focus();
-        });
-    });
-
-    $('.modal-backdrop').remove();
-}]);