This method uses a simple token-based HTTP Authentication scheme ideal for client-server configurations (i.e. native desktop or mobile clients). To acquire tokens, applications should use the Token endpoint, unless instructed otherwise by our Webmaster. Note that use of this endpoint will require an approved project registration.

Retrieving Tokens

Before you will be able to fetch a user’s token, you will first need to direct them to grant access to your application. This can be accomplished by opening the following URL in any web browser:{CLIENT_ID}/

where {CLIENT_ID} is your application’s assigned identifier. Once the user has enabled access to their account, they will be sent a verification code which they will then need to enter into your application. You will need to POST this code, along with your API Key and their username, to the Token endpoint. If everything checks out, then the server will return the user’s token.



{"APIKey": "API_KEY", "code": 123456, "username": "rhgoddard"}

If successful, this would return something like:

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 52



Note that, at any given time, tokens can be revoked or changed either by the system or the user. Your application should therefore be prepared to handle this accordingly. To fetch the new token (if applicable), simply repeat the process above.

Using Tokens

To authenticate using your token, simply include your key in the Authorization HTTP header. The key should be prefixed by the string literal “Token”, with whitespace separating the two strings.

Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b


Access to some endpoints may be limited to certain registered applications only. This method is often used with backend services that do not handle user data. To gain access to an endpoint that utilizes project-based authentication, contact our Webmaster.

Last modified: January 15, 2022