Authentication

Accessing the Clumio REST API requires authentication. To ensure data is transmitted between parties securely, each Clumio user must authenticate into the REST API using a signed JSON Web Token (JWT). These tokens store the user's ID and other critical identifying information. Unauthenticated requests generate a 401 Unauthorized HTTP status code.

Authenticating into the Clumio REST API involves the following high-level steps:

  1. Generate an API token through the Clumio UI (Account Settings > API Tokens). The API token is a long-lived JWT bearer token that can be used until it is manually refreshed or deleted. For more information about REST API authentication and generating API tokens, refer to the Clumio User Guide and select Settings > API Tokens.
  2. Send the API token as a bearer token in the Authorization header with each Clumio REST API request that requires authentication. For example,
curl -X GET \
       https://example.clumio.com/users \
       -H 'Authorization: Bearer ${BEARER_TOKEN}' \