Authenticating APIv2 calls with Personal Access Tokens - HL Vanilla Community
<main> <article class="userContent">
<p>The APIv2 supports two means of authentication, and both require an access token.</p>
<h2 data-id="http-header">HTTP header</h2>
<p>To authenticate with the <strong>HTTP header</strong>, pass the access token in the <strong>Authorization</strong> field with the bearer scheme.</p>
<pre class="code codeBlock" spellcheck="false" tabindex="0">Authorization: Bearer &lt;your_jwt_token&gt;</pre>
<p><strong>✔️ TIP</strong>: This is the preferred way of authenticating against the API because headers are not usually logged on servers. If you're making server-to-server calls, it's worth looking up how to add custom headers in your API client.</p>
<h2 data-id="query-string-parameter">Query string parameter</h2>
<p>If you can’t add a custom header or you want to avoid pre-flight requests, you can pass the access token in the query string using the <code class="code codeInline" spellcheck="false" tabindex="0">access_token</code> parameter.</p>
<h2 data-id="generate-an-access-token">Generate an access token</h2>
<p>Currently, you can obtain a personal access token from your user profile. These access tokens are meant for server-to-server integrations, and should not be exposed to HTML pages.</p>
<p>To obtain a personal access token:</p>
<p>1. Click the <strong>MeBox</strong>, followed by your <strong>profile picture</strong>.</p>
<p>2. On the resulting page, select <strong>Edit Profile</strong> from the dropdown.</p>
<div class="embedExternal embedImage display-large float-none"> <div class="embedExternal-content"> <a class="embedImage-link" href="https://us.v-cdn.net/6030677/uploads/6WL07GH52ES0/edit-profile-updated.png" rel="nofollow noreferrer noopener ugc" target="_blank"> <img class="embedImage-img" src="https://us.v-cdn.net/6030677/uploads/6WL07GH52ES0/edit-profile-updated.png" alt="edit_profile_UPDATED.png" height="433" width="852" loading="lazy" data-display-size="large" data-float="none"></img></a> </div> </div>
<p>3. 
Click <strong>Access Tokens</strong> in the right-hand sidebar.</p>
<p>4. Click <strong>Generate New Token</strong>.</p>
<div class="embedExternal embedImage display-large float-none"> <div class="embedExternal-content"> <a class="embedImage-link" href="https://us.v-cdn.net/6030677/uploads/8ZITTKN5QF5S/generate-token-2.png" rel="nofollow noreferrer noopener ugc" target="_blank"> <img class="embedImage-img" src="https://us.v-cdn.net/6030677/uploads/8ZITTKN5QF5S/generate-token-2.png" alt="generate_token-2.png" height="536" width="1114" loading="lazy" data-display-size="large" data-float="none"></img></a> </div> </div>
<p>5. Give the token a name that will help you remember its use.</p>
<p>6. Click <strong>Generate</strong> to generate the token and copy the value into your app.</p>
<h3 data-id="note">Note</h3>
<ul>
<li>This requires the <code class="code codeInline" spellcheck="false" tabindex="0">Garden &gt; Tokens &gt; Add</code> permission in Roles and Permissions for the relevant Role.</li>
<li>API calls using a token will reflect the permissions of the user who generated the token.</li>
</ul>
</article> </main>
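<p>The header method described above, as an added example for a server-to-server client (not code from this page or from Vanilla): it reads the token from the environment, sends it only in the <strong>Authorization</strong> header, and masks any <code>access_token</code> value before a URL is logged. The base URL, environment variable name, <code>/discussions</code> endpoint, <code>limit</code> parameter and token value are assumptions made for illustration.</p>

```python
import os
import urllib.request
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed placeholders: replace with your own site and variable name.
BASE_URL = "https://community.example.com/api/v2"
TOKEN_ENV_VAR = "VANILLA_API_TOKEN"


def build_request(path, token=None):
    """Return a GET request that carries the token only in the Authorization header."""
    token = token or os.environ.get(TOKEN_ENV_VAR)
    if not token:
        raise RuntimeError(f"set {TOKEN_ENV_VAR} to a personal access token")
    if any(c.isspace() for c in token):
        raise ValueError("token contains whitespace; refusing to build the header")
    url = f"{BASE_URL}/{path.lstrip('/')}"
    # Keep the token out of the URL, where server and proxy logs would record it.
    if any(k.lower() == "access_token" for k, _ in parse_qsl(urlsplit(url).query)):
        raise ValueError("do not put access_token in the URL; use the header")
    req = urllib.request.Request(url, method="GET")
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/json")
    return req


def redact_url(url):
    """Mask any access_token query value so the URL is safe to write to logs."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() == "access_token" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    # Constructed sample token; a real one comes from the environment.
    req = build_request("/discussions?limit=5", token="constructed-sample-token")
    print(req.get_method(), redact_url(req.full_url))
    print("Authorization header set:", req.has_header("Authorization"))
    # Constructed URL using the query-string method, as it would appear in a log.
    print(redact_url(BASE_URL + "/discussions?limit=5&access_token=constructed"))
```

<p>The request object is built but not sent; pass it to <code>urllib.request.urlopen</code> once the base URL points at your own site.</p>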