The API uses JSON Web Token (JWT) to authenticate requests. Each call to a API method must include a valid token that is obtained by authenticating with
To get it you need to send your username and password over basic http authentication and receive a bearer token in response.

Demo access

Demo API key (Username) to get a token:


No password

Demo Token:


Access to Demo group


Write to to get a license.

Get Bearer Token

You authenticate yourself using basic authentication (username, password) when you get bearer token. The Authorization is set in the HTTP header. The type is Basic and the credentials are a base64-encoded string consisting of the username and password joined with a colon (i.e., username:password).
To get bearer token with api key, provide key as the basic auth username value. You do not need to provide a password. Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Request Headers
   Authorization: Basic base64({username}:{password})

Success responce:

Status 200 OK

    "token": "eyJhbGciOiJSUzI1Ni...m9lG-JA"


FieldRequiredDefault Value/Description
tokenYesAuthentication token to be used for all other API calls. The token must be sent in the authorization header in the format:
Authorization: Bearer <authentication-token>


400 BadRequestUsername and/or password is not specified
401 UnauthorizedUsername and/or password that was sent with the login request is invalid

Authorizing API calls

For your initial call, use your username and password for basic authentication. For all other secure interactions, you must use the bearer token that is returned after a successful authentication.


The tokens are sent in the authorization header of the HTTP request for many of API calls. In particular, notice in the following example that the type of authorization that is used with this token is Bearer.

HTTP-METHOD /secured-path
Request Headers
   Authorization: Bearer {your-auth-token}

For all secured paths, we validate the token. During validation, if a token is found to be expired, that token is removed from the system. Upon successful validation, the request is allowed to proceed. Requests made with an invalid token receive a 401 Unauthorized error code.