The API uses JSON Web Token (JWT) to authenticate requests. Each call to a API method must include a valid token that is obtained by authenticating with
To get it you need to send your username and password over basic http authentication and receive a bearer token in response.

Get Bearer Token

You authenticate yourself using basic authentication (username, password) when you get bearer token. The Authorization is set in the HTTP header. The type is Basic and the credentials are a base64-encoded string consisting of the username and password joined with a colon (i.e., username:password).
To get bearer token with api key, provide key as the basic auth username value. You do not need to provide a password. Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Request Headers
   Authorization: Basic base64({username}:{password})

Success responce:

Status 200 OK

    "token": "eyJhbGciOiJSUzI1Ni...m9lG-JA"


Field Required Default Value/Description
token Yes Authentication token to be used for all other API calls. The token must be sent in the authorization header in the format:
Authorization: Bearer <authentication-token>


Status Description
400 BadRequest Username and/or password is not specified
401 Unauthorized Username and/or password that was sent with the login request is invalid

Authorizing API calls

For your initial call, use your username and password for basic authentication. For all other secure interactions, you must use the bearer token that is returned after a successful authentication.


The tokens are sent in the authorization header of the HTTP request for many of API calls. In particular, notice in the following example that the type of authorization that is used with this token is Bearer.

HTTP-METHOD /secured-path
Request Headers
   Authorization: Bearer {your-auth-token}

It is possible to send tokens as URI query-string parameters, but we don't recommend it, because URI parameters can end up in log files that are not completely secure.

HTTP-METHOD /secured-path?token={your-auth-token}

For all secured paths, we validate the token. During validation, if a token is found to be expired, that token is removed from the system. Upon successful validation, the request is allowed to proceed. Requests made with an invalid token receive a 401 Unauthorized error code.

Demo access

Demo API key (Username) to get a token:


No password

Demo Token:



Write to to get a license.