API Tokens
Qwoty uses API tokens to authenticate requests. You can generate and manage API tokens from your dashboard under Settings → Developer → API Tokens.Authentication Header
Include your API token in theAuthorization header of each request:
Using the API Playground
To test endpoints in the documentation:- Look for the Authorize button (🔒) in the top-right corner of any API endpoint page
- Click it and paste your token (with or without “Bearer ” prefix)
- The token will be automatically included in all subsequent requests
- Open any endpoint
- Find the “Headers” section
- Add:
Authorization: Bearer qwoty_your_token
Complete Example
Token Format
API tokens follow this format:- Prefix:
qwt_prod_ - Length: Variable, typically 64-128 characters
- Example:
qwt_prod_e75fc200cd7ea8da9bebf...
Workspace Scope
Each API token is scoped to a specific workspace. All API operations will:- Only access data within that workspace
- Respect the token’s permissions
- Enforce workspace-level rate limits
Security Best Practices
Store Tokens Securely
Store Tokens Securely
- Use environment variables - Never commit tokens to version control - Rotate tokens regularly - Use different tokens for different environments (dev, staging, production)
Token Permissions
Token Permissions
Each token has specific permissions. Create tokens with minimal required
permissions for each use case.
Revoke Compromised Tokens
Revoke Compromised Tokens
If a token is compromised, immediately revoke it from your dashboard and
generate a new one.
Error Codes
Authentication Errors
| Status Code | Error | Description |
|---|---|---|
401 | Unauthorized | Missing or invalid API token |
403 | Forbidden | Token doesn’t have permission for this operation |