diff --git a/TShockAPI/ConfigFile.cs b/TShockAPI/ConfigFile.cs
index 64c9fabb..46c99fab 100644
--- a/TShockAPI/ConfigFile.cs
+++ b/TShockAPI/ConfigFile.cs
@@ -17,11 +17,13 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 using System;
+using System.Collections.Generic;
 using System.ComponentModel;
 using System.IO;
 using System.Linq;
 using System.Text;
 using Newtonsoft.Json;
+using Rests;
 
 namespace TShockAPI
 {
@@ -258,6 +260,9 @@ namespace TShockAPI
 			"Whether the REST API should use the new permission model. Note: The old permission model will become depracted in the future."
 			)] public bool RestUseNewPermissionModel = true;
 
+        [Description("A dictionary of REST tokens that external applications may use to make queries to your server.")]
+            public Dictionary<string, SecureRest.TokenData> ApplicationRestTokens = new Dictionary<string, SecureRest.TokenData>();
+
         /// <summary>
         /// Reads a configuration file from a given path
         /// </summary>
diff --git a/TShockAPI/Rest/SecureRest.cs b/TShockAPI/Rest/SecureRest.cs
index d53915aa..3443d56c 100644
--- a/TShockAPI/Rest/SecureRest.cs
+++ b/TShockAPI/Rest/SecureRest.cs
@@ -37,11 +37,13 @@ namespace Rests
 		}
 
 		public Dictionary<string,TokenData> Tokens { get; protected set; }
+        public Dictionary<string, TokenData> AppTokens { get; protected set; }
 
 		public SecureRest(IPAddress ip, int port)
 			: base(ip, port)
 		{
 			Tokens = new Dictionary<string, TokenData>();
+            AppTokens = new Dictionary<string, TokenData>();
 
 			Register(new RestCommand("/token/create/{username}/{password}", NewToken) { DoLog = false });
 			Register(new RestCommand("/v2/token/create/{password}", NewTokenV2) { DoLog = false });
@@ -50,9 +52,14 @@ namespace Rests
 
 			foreach (KeyValuePair<string, TokenData> t in TShockAPI.TShock.RESTStartupTokens)
 			{
-				Tokens.Add(t.Key, t.Value);
+				AppTokens.Add(t.Key, t.Value);
 			}
 
+            foreach (KeyValuePair<string, TokenData> t in TShock.Config.ApplicationRestTokens)
+            {
+                AppTokens.Add(t.Key, t.Value);
+            }
+
 			// TODO: Get rid of this when the old REST permission model is removed.
 			if (TShock.Config.RestApiEnabled && !TShock.Config.RestUseNewPermissionModel)
 			{
@@ -163,7 +170,7 @@ namespace Rests
 
 			SecureRestCommand secureCmd = (SecureRestCommand)cmd;
 			TokenData tokenData;
-			if (!Tokens.TryGetValue(token, out tokenData))
+            if (!Tokens.TryGetValue(token, out tokenData) && !AppTokens.TryGetValue(token, out tokenData))
 				return new RestObject("403")
 				{ Error = "Not authorized. The specified API endpoint requires a token, but the provided token was not valid." };