Skip to main content

API Token Introduction

The API Token is an encrypted string that contains authentication and authorization coding. This includes any privileges the user or account affords. Being encrypted means the API Token is safe to expose in frontend code. It is time sensitive and expires after a set amount of time.

An API Token can be created as often as needed. We recommend generating a new API Token before each endpoint use. This ensures the API Token will be valid for each call.

An active, valid API Key is required to create an API Token. This includes using the Client ID and Client Secret.

The API Token is an OAuth 2.0 client credentials authorization process. The Client Credentials Flow is an OAuth 2.0 authorization grant in which a server-side application obtains an access token using its client credentials (Client ID and Client Secret) to access protected resources. This flow does not involve user authentication or consent.

Creating an API Token

An API Token is required for each endpoint use. You will need to know or remember the API Key's Client ID and Client Secret to create an API Token.

To create an API Token, in the API reference guide, see Creating an API Token.

Using the API Token

After creating the API Token, include it in the Authorization header of your API requests to authenticate and authorize access to the Aurora API endpoints.

Authorization: Bearer API_TOKEN