Orbit offers two types of API tokens to authorize access to the API.
API Token Types
User API Tokens
- You can find your API tokens on the Account Settings page.
- These tokens are associated to your own user account, activity via the API that uses this token will be attributed to you.
- You only have one token per user
A screenshot of the API token in the Account Settings page.
Workspace API Tokens
- You can find Workspace API tokens on your Workspace Settings page (Workspace Owners only).
- These tokens are associated with your workspace.
- Activity via the API that uses these tokens will be attributed to the name you give the token when it is created.
- You can set up as many Workspace API tokens as you need, this helps to split up different services and allow for greater security.
- Only Orbit workspace owners can access and create new Workspace API tokens
Workspace API Tokens in the Orbit application settings
Which token type should I use?
It depends on your use case but a good example would be if an external service is going to be using the Orbit API on behalf of you, a user, then your personal token would be suitable for this.
If you are using a bot, or Zapier, or a service that multiple users have access to, a Workspace API token would be a better choice. You can set one up for every API integration you create, and have central control over revocation and regeneration of the token.
There is no difference in API functionality regardless of what token you use.
Authorizing your API requests
Bearer Token
Our API expects that your API token is included in the Authorization header of your API request.
We use Bearer Token Authentication. This means that you must format the content of your Authorization header like this:
Bearer <your-user-or-workspace-api-token>
To try out API requests right from your browser here in the documentation, you need to enter Bearer <your-user-or-workspace-api-token> inside the authorization prompt after clicking the "Try It" button on any API reference page.