API Client Bearer Token endpoint

The API Client Bearer Token endpoint and fields are described below including details of the supported RESTful CRUD verbs. For details of the conventions of the API see the general conventions.

Endpoint path prefix: 

/n/v1/apiclientbearertoken/

apiclientbearertoken was introduced in API version V1

API Client Bearer Token has not been marked for deprecation

Description

Endpoint used to issue new bearer tokens for an API client. Actual the token is only returned on create and an obfuscated token is returned on read.

Multiple bearer tokens can be assigned for a client.
It is recommended to use token expiration and rotate tokens.
For client side or tokens which are distributed, create a separate API client with restricted permissions and roles.
Bearer tokens can be revoked if they are known to be compromised. You will be notified and the expiration set accordingly.
New bearer token values are only returned on CREATE / POST

Verbs / methods

This endpoint supports the following CRUD operations in line with our API conventions. See the conventions section for more details.

CREATE HTTP POST

Request payload

API Client Bearer Token reference

{
  "urn" : "eea7299a-d10c-47c5-be79-599b40812861",
  "apiClient" : {
    "urn" : "3d059a42-2095-4d19-aea9-3243787e1ccd"
  },
  "expirationTimestamp" : "2026-07-04T14:34:19.61"
}

Response payload

API Client Bearer Token reference
Representation of a bearer token used to authenticate an API request

{
  "urn" : "eea7299a-d10c-47c5-be79-599b40812861",
  "apiClient" : {
    "urn" : "3d059a42-2095-4d19-aea9-3243787e1ccd"
  },
  "bearerToken" : "gpxz7H...",
  "expirationTimestamp" : "2026-07-04T14:34:19.611"
}

Response codes / scenarios

  • CREATE_SUCCESS

    API code CREATE_SUCCESS HTTP status code 201 : When the representation provided was successfully created return HTTP created (201). Note that when other context like authorisation and permissions are satisfied but the representation is invalid or missing required information typically a error representation with details of the missing information may be returned instead with REPRESENTATION_MISSING_REQUIRED_FIELD api error for example

  • INVALID_REPRESENTATION

    API code INVALID_REPRESENTATION HTTP status code 400 : When creating or updating a representation and the provided representation is invalid. May include an error representation with details of the issue

READ HTTP GET

Response example

API Client Bearer Token
Representation of a bearer token used to authenticate an API request

{
  "urn" : "eea7299a-d10c-47c5-be79-599b40812861",
  "apiClient" : {
    "urn" : "3d059a42-2095-4d19-aea9-3243787e1ccd"
  },
  "bearerToken" : "2W-hwj...",
  "expirationTimestamp" : "2026-07-04T14:34:19.611"
}

Response codes / scenarios

  • READ_SUCCESS

    API code READ_SUCCESS HTTP status code 200 : On read when the request is successful. The returned representation is given with the relevant 2XX HTTP code without further detail.

  • NOT_FOUND

    API code NOT_FOUND HTTP status code 404 : When the request referenced a representation or a concept that was not found including other request context requirements. Note that if a request is missing other concepts including authorisation, permissions or restrictions on the visibility HTTP not found (404) will typically be returned. Note that when creating a representation if the owner or other references can't be resolved the endpoint may return not found.

UPDATE HTTP PUT

Response example

API Client Bearer Token
Representation of a bearer token used to authenticate an API request

{
  "urn" : "eea7299a-d10c-47c5-be79-599b40812861",
  "apiClient" : {
    "urn" : "3d059a42-2095-4d19-aea9-3243787e1ccd"
  },
  "bearerToken" : "cR6cHT...",
  "expirationTimestamp" : "2026-07-04T14:34:19.612"
}

Response codes / scenarios

  • UPDATE_SUCCESS

    API code UPDATE_SUCCESS HTTP status code 202 : When creation was successful and the representation was created. Returns HTTP accepted (202) response and typically includes the representation of the created representation for reference. Note that CREATE / UPDATE can trigger async operations after the representation is accepted which can update state.

  • INVALID_REPRESENTATION

    API code INVALID_REPRESENTATION HTTP status code 400 : When creating or updating a representation and the provided representation is invalid. May include an error representation with details of the issue

DELETE HTTP DELETE

Response codes / scenarios

  • DELETE_SUCCESS

    API code DELETE_SUCCESS HTTP status code 202 : When deletion of a representation was successful. Note that returns HTTP accepted (202) to represent the success of the deletion state transfer rather than HTTP gone (410) as 4XX represent client errors for semantic consistency

  • NOT_FOUND

    API code NOT_FOUND HTTP status code 404 : When the request referenced a representation or a concept that was not found including other request context requirements. Note that if a request is missing other concepts including authorisation, permissions or restrictions on the visibility HTTP not found (404) will typically be returned. Note that when creating a representation if the owner or other references can't be resolved the endpoint may return not found.