Authentication

Overview

All Management API endpoints (except the test endpoint) require authentication using a Personal API Access Token. This token is used instead of username/password for API requests.

Obtaining a Token

There are two ways to obtain a Personal API Access Token:

1. From Management Console (recommended for first-time setup)
2. From Management API (for programmatic token creation)

Method 1: From Management Console

1. Log in to the Apinizer Management Console
2. Click on the Quick Menu (user icon) → My Profile
3. Scroll to the Personal API Access Tokens section
4. Click Create API Token
5. Fill in the token details:
   • Token Name: A descriptive name for your token
   • Expiration: Choose expiration type
     • Never Expires - Token never expires
     • Select from Calendar - Choose a specific expiration date
6. Click Create
7. Copy the token immediately - it will not be shown again

Method 2: From Management API

Endpoint

POST /apiops/auth/token

Request

Headers

Header	Value
Content-Type	application/x-www-form-urlencoded
Accept	application/json

Request Body (URL Encoded)

Parameter	Value	Description
grant_type	client_credentials	OAuth2 grant type
client_id	{username}	Your Apinizer username
client_secret	{password}	Your Apinizer password

Response

Success Response (200 OK)

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600
}

Error Response (401 Unauthorized)

{
  "error": "unauthorized_client",
  "error_description": "Bad credentials"
}

cURL Example

curl -X POST \
  "https://demo.apinizer.com/apiops/auth/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -H "Accept: application/json" \
  -d "grant_type=client_credentials&client_id=your_username&client_secret=your_password"

Full JSON Body Example

{
  "grant_type": "client_credentials",
  "client_id": "your_username",
  "client_secret": "your_password"
}

Note: This endpoint uses application/x-www-form-urlencoded format, not JSON.

Using the Token

Include the token in the Authorization header of all API requests:

Authorization: Bearer YOUR_TOKEN

Example Request

curl -X GET \
  "https://demo.apinizer.com/apiops/projects/" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Token Security

• Never commit tokens to version control
• Store tokens securely (use environment variables or secret management)
• Rotate tokens regularly
• Revoke unused tokens from the Management Console

Token Expiration

• Tokens can be configured to never expire or expire at a specific date
• Expired tokens will return 401 Unauthorized responses
• Create a new token when your token expires

Revoking Tokens

Tokens can be revoked from the Management Console:

1. Go to My Profile → Personal API Access Tokens
2. Find the token you want to revoke
3. Click Revoke

Once revoked, the token cannot be used for API requests.

Permissions

Tokens inherit the permissions of the user who created them. Ensure your user account has the necessary roles:

• ROLE_MANAGE_PROXIES - Manage API proxies
• ROLE_DEPLOY_UNDEPLOY_PROXIES - Deploy/undeploy proxies
• ROLE_API_SECURITY - Manage connections, credentials, certificates
• ROLE_ADMIN - Full administrative access

Troubleshooting

401 Unauthorized

• Verify the token is correct (no extra spaces)
• Check if the token has expired
• Ensure the token hasn’t been revoked
• Verify the Authorization header format: Bearer {token}

Invalid Token Format

• Ensure you’re using Bearer prefix (with space)
• Check for typos in the token
• Verify the token was copied completely

Next Steps

• Learn about base URLs
• Understand error handling
• Start using the API