Use access tokens to authenticate Hawzu API requests from automation, CI/CD jobs, scripts, and external integrations.
Access tokens do not provide Hawzu web access. They are used only for API requests.
Send the token in the Authorization header.
Authorization: Bearer <ACCESS_TOKEN>Use the full token value that was copied from the Access Token Created window.
Use this request to verify that the token can authenticate and see its available workspace.
curl -X GET https://api.hawzu.com/api/v1/workspaces \
-H "Authorization: Bearer $HAWZU_ACCESS_TOKEN"Learn more: List Workspaces
Use a workspace token or a project token with access to the relevant workspace and project data.
curl -X GET https://api.hawzu.com/api/v1/workspace/{workspaceId}/projects \
-H "Authorization: Bearer $HAWZU_ACCESS_TOKEN"Learn more: List Projects
Use a project token assigned to the project, or a workspace token with access to the project.
curl -X GET https://api.hawzu.com/api/v1/workspace/{workspaceId}/project/{projectId}/testcases \
-H "Authorization: Bearer $HAWZU_ACCESS_TOKEN"Learn more: List Testcases
The token can only perform actions allowed by its assigned roles.
If a request fails because of access, check whether the token is assigned to the correct workspace or project and whether the selected role allows the requested action.
Requests using a token can stop working when:
Disable pauses access temporarily. Revoke removes the token permanently.
Keep tokens in:
Do not place tokens in source code, screenshots, shared documents, or logs.