Authenticating APIv2 calls with Personal Access Tokens - Vanilla Success
<main> <article class="userContent">
<p>The API supports two means of authentication. Both require an access token.</p>
<h2 data-id="http-header">HTTP Header</h2>
<p>To authenticate with the HTTP header, pass the access token in the <strong>Authorization</strong> field with the bearer scheme.</p>
<pre class="code codeBlock" spellcheck="false" tabindex="0">Authorization: Bearer &lt;your_jwt_token&gt;</pre>
<p>This is the preferred way of authenticating against the API because headers are not usually logged on servers. If you are making server-to-server calls, it's worth looking up how to add custom headers in your API client.</p>
<h2 data-id="query-string-parameter">Query String Parameter</h2>
<p>If you can’t add a custom header or you want to avoid pre-flight requests, you can pass the access token in the query string using the <code class="code codeInline" spellcheck="false" tabindex="0">access_token</code> parameter.</p>
<h2 data-id="access-tokens">Access Tokens</h2>
<p>Currently, you can obtain a personal access token from your profile. These access tokens are meant for server-to-server integrations and should not be exposed to HTML pages. To obtain a personal access token, do the following:</p>
<ol><li>From the me box click “Edit Profile”. You can also do this from your own profile page.</li><li>Click the “Access Tokens” menu item.</li><li>Click “Generate New Token”.</li><li>Give the token a name that will help you remember its use.</li><li>Click “Generate” to generate the token and copy the value into your app.</li></ol>
<p>Please note:</p>
<ul><li>This requires the “Token - Add” permission in Roles and Permissions for the relevant role.</li><li>API calls using a token will reflect the permissions of the user who generated the token.</li></ul>
</article> </main>
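<p>An added example, not code from the original page or from the project: a server-side helper that sends the token in the <strong>Authorization</strong> header, and a companion that masks <code>access_token</code> in any URL before it is written to a log. The function names, the host and the <code>/api/v2/discussions</code> path are assumptions used for illustration, and the token value is constructed.</p>

```python
import urllib.request
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

TOKEN_PARAM = "access_token"  # query-string parameter named on this page


def build_request(url: str, token: str) -> urllib.request.Request:
    """Build a GET request that carries the token in the Authorization header."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    # Keep the token out of the URL, where access logs and proxies record it.
    if any(k == TOKEN_PARAM for k, _ in parse_qsl(parts.query, keep_blank_values=True)):
        raise ValueError("token found in query string; send it in the header instead")
    # Whitespace (including CR/LF) in a token would corrupt the header line.
    if not token or any(c.isspace() for c in token):
        raise ValueError("token is empty or contains whitespace")
    req = urllib.request.Request(url, method="GET")
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/json")
    return req


def redact_url(url: str) -> str:
    """Return the URL with any access_token value masked, for safe logging."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    masked = [(k, "REDACTED" if k == TOKEN_PARAM else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(masked)))


if __name__ == "__main__":
    # Constructed sample values; host, path and token are placeholders.
    sample = "https://forum.example.com/api/v2/discussions?limit=5"
    req = build_request(sample, "constructed-token-value")
    print(req.get_method(), redact_url(req.full_url))
    print(redact_url(sample + "&access_token=constructed-token-value"))
```

<p>Pass the returned request to <code>urllib.request.urlopen</code> to make the call, and load the token from the server's secret store or environment rather than from source code.</p>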