Each request to an API endpoint must follow Bearer Authentication scheme, unless otherwise stated. This scheme requires specifying a token in the Authorization header of a request. A token is a unique cryptic string generated by the cloud platform. Tokens eliminate the need for passing user credentials with requests.

Such a token is issued by the /idp/token endpoint. To generate a token, refer to “Authenticating to the platform”.

For example, a request made via cURL can be as follows:

curl -s \
    --header "Authorization: Bearer 8770b34b74f9e4d9424eff50c38182bb4ae7f5596582ae61900b1b6a23e3ec58"

If the token specified in the Authorization header is, for example, expired or your account is disabled, the API will respond with a 401 status code and error details.


For security reasons, the token expiration time is set to two hours. After this time, the API will respond with a 401 status code.