Access token

All HTTP requests to the API must be authorized with a JWT access token via bearer authentication. The access token must be sent in the Authorization header. Example:

curl -H "Authorization: Bearer <token>"

All API requests must be made over HTTPS. Calls made over plain HTTP will get a 301 response redirecting to their HTTPS equivalent. Calls without a valid authorization token will fail with a 401 error code.

Authentication workflow

To generate an access token, send an HTTP POST request to with a JSON body containing the following values:






The type of authorization request (in this case, using an API key and secret)


Your API key


Your API secret

Request example:

curl --request POST --url '' --header 'content-type: application/json' --data '{"type": "api-key", "key": "<Your API key>", "secret": "<Your API secret>"}'

The response will contain an access_token property with the token you should use for authorizing further requests. If there is a problem authenticating you, a 400 error is returned.

Response example:

"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"

You can generate as many tokens as you want. Tokens will expire after 24 hours so, if you are running a long-term process, make sure to regenerate a new token regularly.