Authentication

Authentication is performed using a Bearer access token. The token grants access to data belonging to a specific organization.

Using the Token

The token must be included in every HTTP request to the API via the Authorization header:

Authorization: Bearer <your-access-token>

Token Management

  • You can issue and revoke tokens at any time via the organization page in Studio.
  • Tokens are 64-character alphanumeric strings (A-Za-z0-9) with no identifiable prefixes or structure, making them harder to detect in public sources (e.g., Git repositories).
  • Tokens are displayed only once at the time of creation. After that, they cannot be revealed again.
  • It is your responsibility to store tokens securely and never expose them publicly.

WARNING

Leaking a token may result in unauthorized access to sensitive data, including personal data of your users.
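
Since the tokens have no prefix, a check for accidentally committed tokens has to match on shape alone. The Python below is an added example, not part of the original documentation or the vendor's tooling: it flags 64-character A-Za-z0-9 strings in text you own (for instance in a pre-commit hook) while skipping SHA-256 hex digests and repetitive filler. The entropy threshold, function names and sample data are assumptions.

```python
import hashlib
import math
import random
import re
import string
from collections import Counter

# Exactly 64 characters of [A-Za-z0-9], not part of a longer alphanumeric run.
CANDIDATE = re.compile(r"(?<![A-Za-z0-9])[A-Za-z0-9]{64}(?![A-Za-z0-9])")
# Single-case hex of the same length is almost always a SHA-256 digest.
HEX_ONLY = re.compile(r"(?:[0-9a-f]{64}|[0-9A-F]{64})")
MIN_ENTROPY_BITS = 4.0  # assumed threshold, tune it for your codebase


def shannon_entropy(value):
    """Bits per character of the string's empirical character distribution."""
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def find_candidate_tokens(text):
    """Return (line_number, redacted_value) for each string shaped like a token."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in CANDIDATE.finditer(line):
            value = match.group(0)
            if HEX_ONLY.fullmatch(value):
                continue  # digest, not a mixed-alphabet token
            if shannon_entropy(value) < MIN_ENTROPY_BITS:
                continue  # repetitive filler or placeholder text
            # Keep the full secret out of CI logs: report only the edges.
            findings.append((lineno, value[:4] + "..." + value[-4:]))
    return findings


# Constructed sample data: a fake token, a SHA-256 digest, and filler.
SAMPLE_TOKEN = "".join(random.Random(0).choices(string.ascii_letters + string.digits, k=64))
SAMPLE = "\n".join([
    "# constructed config file",
    f'API_TOKEN = "{SAMPLE_TOKEN}"',
    f"checksum: {hashlib.sha256(b'constructed').hexdigest()}",
    "padding = " + "A" * 64,
])

if __name__ == "__main__":
    for lineno, redacted in find_candidate_tokens(SAMPLE):
        print(f"line {lineno}: possible API token {redacted}")
```

A shape-only match also flags unrelated 64-character identifiers and misses tokens split across lines, so treat a hit as a prompt to review and, if in doubt, revoke and reissue.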

Expiration and Security

  • Each token can have an expiration time after which it becomes invalid.
  • The recommended default lifetime is 1 month.
  • You can view the last time a token was used to help monitor its activity. If in doubt, always revoke and reissue the token.

Access Scope

At this time, the API only supports read-only operations. As such, tokens are not scoped and provide access to all resources within the organization.