Skip to main content

API Key / Bearer tokens (V5 and V4)

Along with V5 release, we set up a new authentication protocol to introduce more security and flexibility in our API access management.


You can from now ask our Support Team for an API Key.

Token generation#

An API Key looks like an non-intelligible characters chain such as qhdfbvdh747R49FRHrthqhdfbvdh74 that you will have to use to generate an access token with a limited time-to-live (15 minutes).

To generate a token, call this url :

GET https://api.actito.com/auth/token

with your API Key in the Authorization header :

curl  -X GET 'https://api.actito.com/auth/token' \  -H 'Authorization: qhdfbvdh747R49FRHrthqhdfbvdh74' \  -H 'Accept: application/json'

If the API Key you provide is wrong or revoked, you'll receive a 401 UNAUTHORIZED http status code.


If OK, you'll receive a JSON Web Token like this :

{  "accessToken": "AAAAAAAAAAAAAAAAAAAAAMLheAAAAAAA0%2BuSeid%2BULvsea4JtiGRiSDSJSI%3DEUifiRBkKG5E2XzMDjRfl76ZC9Ub0wnz4XsNiRVBChTYbJcE3F",  "tokenType": "bearer",  "expiresIn": "900s",  "scope": "read write",  "jti": "ce6c1d3c-ab49-4b62-8f4c-964351ac5d58"}

API calls with generated token#

The accessToken property of the generated JSON Web Token will have to be passed as a Bearer Authorization header in every API call you'll make.

For example :

curl    -X GET 'https://api.actito.com/v5/entities/MyEntity/etls' \    -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI0IiwiaWF0IjoxNTg2ODY1MjE1LCJpc3MiOiJhY3RpdG8iLCJleHAiOjE1ODY4NjYxMTUsImxpY2VuY2VJZCI6MTI3NDAsImFjY291bnRJZCI6MTIsInBvbCI6Im1haW5Qb2xpY3lBcGkiLCJzdWIiOiI2ZWY3YjZmYS0wYTc1LTQ1YTYtYmE5My1iZGY5MmUyZjg3NDAifQ.umizXm0TueN6jRkMCaz9AnQP30qNxud5XIxnZiPzz24L8Aon7WKeJ8_49xcjsTe_v13nv4AI9991Mw_k9bvQffT__eikkv9UMmZ22wvQr5UxCH5Y-NkxFRctEGLjmkEdFFe2EuOkF1GjsIetPrJgY-_L6bpoa3G0o69IWavBIFowQtw_q0FOPaZ_JtBLiDiFH59IM5s4-8S-QAhGkGgjOhTzqBTyDBGj8cqnhvr9eFwgoxGSAZ1QLGU5yTRyIJm8Uaq97M5UhKn98ixK4oQhQvVKwW9MDgGyf0jLFLEFO7l9kyFON34OsxiTyK58U_OFJzehgxqRokBE3wXWo9rKEA"  \    -H 'Accept: application/json'

If provided token is valid, you will received the requested API answer.

If expired or unknown, you'll receive a 401 UNAUTHORIZED http status code.


If expired you should generate a new access token.