Authentication

Generating an API token

You can generate API tokens for the Worksome API via our authentication platform, Authsome.

You can view your existing tokens, as well as create new ones, from the dashboard.

The API token is a JWT that carries a registered list of scopes. By default, a newly generated token includes every account scope that your authenticated user has access to (e.g. company:123).

Authenticating with the API

All API calls that require authentication must provide a standard Authorization header using the Bearer authentication scheme.

To make a test request via curl, run the command below with your token:

curl -H "Authorization: Bearer ${WORKSOME_API_TOKEN}" -X POST -d " \
 { \
   \"query\": \"query { profile { name }}\" \
 } \
" https://api.worksome.com/graphql

Newline characters inside the string value of “query” must be escaped, or the schema will not parse it properly. For the POST body, use outer double quotes and escaped inner double quotes.

Token expiration

By default, generated API tokens are valid for a year from creation. Upon reaching your token’s expiration date, the token is automatically revoked.
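Because a token defaults to every account scope of its user and stays valid for a year, it is worth checking what a given token actually grants and how long it has left before storing it in a CI secret or service config. The following is an added example, not Worksome's own code: it decodes the JWT payload locally without verifying the signature (inspection only), and it assumes the token carries the standard `exp` claim and lists its scopes under a claim named `scopes`; the claim name, the helper names and the sample token are all assumptions or constructed values.

```python
import base64
import json
import time

SCOPE_CLAIM = "scopes"  # assumption: the scope claim name is not given on this page

def decode_claims(token):
    """Return the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("JWT payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def review_token(token, now=None, warn_days=30):
    """Summarise granted scopes and remaining lifetime; never echoes the token."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    scopes = claims.get(SCOPE_CLAIM, [])
    if isinstance(scopes, str):  # some issuers use a space-delimited string
        scopes = scopes.split()
    exp = claims.get("exp")  # assumption: expiry is the registered "exp" claim
    days_left = None if exp is None else int((exp - now) // 86400)
    return {
        "scopes": sorted(scopes),
        "days_left": days_left,
        "expired": exp is not None and exp <= now,
        "rotate_soon": days_left is not None and days_left <= warn_days,
    }

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample token (placeholder signature), expiring 20 days after SAMPLE_NOW.
SAMPLE_NOW = 1_700_000_000
SAMPLE_TOKEN = ".".join([
    _b64({"alg": "RS256", "typ": "JWT"}),
    _b64({"exp": SAMPLE_NOW + 20 * 86400, SCOPE_CLAIM: ["company:456", "company:123"]}),
    "sig-placeholder",
])

if __name__ == "__main__":
    print(review_token(SAMPLE_TOKEN, now=SAMPLE_NOW))
```

For a real token, read it from the environment (as the curl example does with `WORKSOME_API_TOKEN`) so the token itself never appears in source or output.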

Revoking a token

Tokens can be manually revoked via the Authsome dashboard. This is useful when the token is no longer needed, or for security purposes.