Using Access Tokens - API Authentication Examples
API Authentication
Access tokens are used in API requests via the Authorization header:
curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
https://api.example.com/v1/endpointToken Format
- Tokens are long alphanumeric strings
- Include the full token in the Authorization header
- Use the format:
Bearer <token>
Common Use Cases
CI/CD Pipelines
Authenticate automated test runs:
# Example: Running tests in CI/CD
curl -H "Authorization: Bearer $ACCESS_TOKEN" \
-X POST \
https://api.example.com/v1/test-runsIntegration Services
Connect third-party tools (Zapier, Jenkins, etc.):
# Example: Zapier webhook
curl -H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"data": "..."}' \
https://api.example.com/v1/webhookAutomation Scripts
Run scheduled tasks and reports:
# Example: Python script
import requests
headers = {
"Authorization": "Bearer YOUR_ACCESS_TOKEN",
"Content-Type": "application/json"
}
response = requests.get(
"https://api.example.com/v1/test-cases",
headers=headers
)API Clients
Build custom integrations:
// Example: JavaScript/Node.js
const axios = require('axios');
const client = axios.create({
baseURL: 'https://api.example.com/v1',
headers: {
'Authorization': 'Bearer YOUR_ACCESS_TOKEN'
}
});
client.get('/test-runs')
.then(response => console.log(response.data));Security Considerations
- Never Commit Tokens: Never commit tokens to version control
- Use Environment Variables: Store tokens in secure environment variables
- Rotate Regularly: Periodically create new tokens and revoke old ones
- Monitor Usage: Regularly review token usage and disable unused tokens
- Revoke Compromised Tokens: Immediately delete tokens if they’re exposed
Next Steps
- Learn about Roles to understand token scopes and permissions
- Explore API Documentation for API endpoint details
- Read about Security Best Practices for secure token management
Was this page helpful?