Skip to main content

API Key / Bearer tokens (V5 and V4)

For security and flexibility, our API access is protected by an API Key authentication.
To get an API Key, an API user must be created through Actito portal by the administrator of your license.

Please, follow this link to understand how to create and manage API user.

Be aware that all our API routes have specific access rights that should be granted to your API Key so as you can call them.
Comprehensive available access rights are listed here. Each API route's access right is described in the corresponding API Reference specification.

Token generation#

An API Key looks like an non-intelligible characters chain such as qhdfbvdh747R49FRHrthqhdfbvdh74 that you will have to use to generate an access token with a limited time-to-live (15 minutes).

To generate a token, call this url :


with your API Key in the Authorization header :

curl  -X GET '' \  -H 'Authorization: qhdfbvdh747R49FRHrthqhdfbvdh74' \  -H 'Accept: application/json'

If the API Key you provide is wrong or revoked, you'll receive a 401 UNAUTHORIZED http status code.

If OK, you'll receive a JSON Web Token like this :

{  "accessToken": "AAAAAAAAAAAAAAAAAAAAAMLheAAAAAAA0%2BuSeid%2BULvsea4JtiGRiSDSJSI%3DEUifiRBkKG5E2XzMDjRfl76ZC9Ub0wnz4XsNiRVBChTYbJcE3F",  "tokenType": "bearer",  "expiresIn": "900s",  "scope": "read write",  "jti": "ce6c1d3c-ab49-4b62-8f4c-964351ac5d58"}

API calls with generated token#

The accessToken property of the generated JSON Web Token will have to be passed as a Bearer Authorization header in every API call you'll make.

For example :

curl    -X GET '' \    -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI0IiwiaWF0IjoxNTg2ODY1MjE1LCJpc3MiOiJhY3RpdG8iLCJleHAiOjE1ODY4NjYxMTUsImxpY2VuY2VJZCI6MTI3NDAsImFjY291bnRJZCI6MTIsInBvbCI6Im1haW5Qb2xpY3lBcGkiLCJzdWIiOiI2ZWY3YjZmYS0wYTc1LTQ1YTYtYmE5My1iZGY5MmUyZjg3NDAifQ.umizXm0TueN6jRkMCaz9AnQP30qNxud5XIxnZiPzz24L8Aon7WKeJ8_49xcjsTe_v13nv4AI9991Mw_k9bvQffT__eikkv9UMmZ22wvQr5UxCH5Y-NkxFRctEGLjmkEdFFe2EuOkF1GjsIetPrJgY-_L6bpoa3G0o69IWavBIFowQtw_q0FOPaZ_JtBLiDiFH59IM5s4-8S-QAhGkGgjOhTzqBTyDBGj8cqnhvr9eFwgoxGSAZ1QLGU5yTRyIJm8Uaq97M5UhKn98ixK4oQhQvVKwW9MDgGyf0jLFLEFO7l9kyFON34OsxiTyK58U_OFJzehgxqRokBE3wXWo9rKEA"  \    -H 'Accept: application/json'

If provided token is valid, you will received the requested API answer.

If expired or unknown, you'll receive a 401 UNAUTHORIZED http status code.

If expired you should generate a new access token.