API Tokens

Qwoty uses API tokens to authenticate requests. You can generate and manage API tokens from your dashboard under Settings > Developer > API Tokens.

Authentication Header

Include your API token in the Authorization header of each request:
Authorization: Bearer qwoty_your_api_token_here

Complete Example

curl https://qwoty.app/api/payment-terms \
  -H "Authorization: Bearer qwoty_your_api_token_here"
Never share your API token in publicly accessible areas such as GitHub, client-side code, or public forums.

Token Format

API tokens follow this format:
  • Prefix: qwt_prod_
  • Length: Variable, typically 64-128 characters
  • Example: qwt_prod_e75fc200cd7ea8da9bebf...

Workspace Scope

Each API token is scoped to a specific workspace. All API operations will:
  • Only access data within that workspace
  • Respect the token’s permissions
  • Enforce workspace-level rate limits

Security Best Practices

  • Use environment variables
  • Never commit tokens to version control
  • Rotate tokens regularly
  • Use different tokens for different environments (dev, staging, production)
Each token has specific permissions. Create tokens with minimal required permissions for each use case.
If a token is compromised, immediately revoke it from your dashboard and generate a new one.
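
To support the advice against committing tokens, the following added example (not part of Qwoty's documentation or tooling) scans text for strings in the documented qwt_prod_ format and reports them in redacted form. The character set and the 16-character minimum after the prefix, the function names, and the pre-commit usage are assumptions.

```sh
#!/bin/sh
# Added example: find Qwoty-style API tokens in text before it is committed.
# Assumption: after the documented "qwt_prod_" prefix a token consists of
# letters, digits, "_" or "-" (the page only shows a truncated hex sample),
# and 16 or more such characters are treated as a hit.
TOKEN_RE='qwt_prod_[A-Za-z0-9_-]{16,}'

# scan_stream LABEL
# Reads text on stdin and prints "LABEL:LINE: <redacted token>" per hit.
# Exit status: 0 = clean, 1 = at least one token found.
scan_stream() {
  grep -anEo -e "$TOKEN_RE" | awk -F: -v label="$1" '
    {
      # Print only the prefix plus 4 characters so the report is not a leak.
      printf "%s:%s: %s...[redacted, %d chars]\n",
             label, $1, substr($2, 1, 13), length($2)
      found = 1
    }
    END { exit (found ? 1 : 0) }'
}

# scan_staged
# Scans the staged version of each added/copied/modified file, so it checks
# what will be committed rather than the working tree. Filenames containing
# newlines are not handled.
scan_staged() {
  findings=$(
    git -c core.quotepath=off diff --cached --name-only --diff-filter=ACM |
    while IFS= read -r f; do
      git show ":$f" 2>/dev/null | scan_stream "$f" || true
    done
  )
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings" >&2
  printf 'Commit blocked: API token found in staged files.\n' >&2
  return 1
}

# Constructed sample (not a real token), split so this file does not flag itself.
printf 'API_TOKEN=qwt_prod_%s\n' 0123456789abcdef0123456789abcdef |
  scan_stream sample.env || true
```

Saved as .git/hooks/pre-commit with a final `scan_staged` call, a non-zero exit status stops the commit.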

Error Codes

Authentication Errors

Status Code | Error        | Description
401         | Unauthorized | Missing or invalid API token
403         | Forbidden    | Token doesn’t have permission for this operation

Example Error Response

{
  "success": false,
  "error": "Invalid API token"
}

Need Help?

Contact our support team at [email protected] for any questions about authentication.