Almost all requests made to the Humanitec API require authentication. Humanitec provides two ways of authenticating with the API: Bearer
and JWT
. JWT
is mostly relevant when working with our API. Please refer to our API Documentation to learn more about this authentication. This section explains the Bearer
token as well as how to manage API Tokens.
The Bearer Authentication makes use of a static token. It is intended to be used when machines interact with the Humanitec API. Bearer tokens should be used for very narrow purposes. This allows for the token to be revoked if it is compromised and so limits the scope of exposure.
New Bearer Tokens can be obtained from the Organization Settings.
Select the API tokens tab.
Enter a Token ID for the new token and click on Generate new token.
You can use the same view as you use to create a Bearer Token to view the token by clicking on Show. The view with the visible Bearer Token also allows you to revoke the token.
Note that each new CI pipeline integration you are creating also generates a new Bearer Token that you can review and revoke as described above.