Auth & Authorization

The Remote API uses a bearer token for Authentication and Authorization.

Obtaining access token

The access token change it's prefix according with the environment they were created. If the prefix is ra_live the access token are for production use, while ra_test work only in our sandbox environment

Notice that only Admins and the Owner can create and revoke API token

To create your access token, follow these steps:

  1. Go to the integrations page using the menu on the left, under the company tab.
  1. Access Remote API.
  1. Click on either the Generate token button in the card or on the Generate API token button in the header
  1. A popup will open, and we will ask for the API token name. In order to generate the access token, you also have to agree with the Remote API Terms of Use.
  1. After creating an API token, it will show a table with all the tokens linked to the company, including the new active access token you just created

How to revoke a token

  1. Access the integration page, following steps 1 and 2 described above.
  2. The screen should show a list of all your revoked access tokens and your active access token.
  3. Click the icon with the three dots, and it will open a menu with the option to Copy token and Revoke token.
  1. Click on the Revoke token option a popup will appear. If you are sure the token should be revoked, click on Revoke token button and it's done.

Performing an authenticated request

Remote tokens have two prefixes. Tokens starting with ra_live_ are meant for production use. It means they only work against the server. Tokens starting with ra_test_ work only in our sandbox environment, which is accessible by

With the token in hand, you can send a request to the Remote API and pass the token in the Authorization header.

1curl --location --request GET \
2 --header "Authorization: Bearer ra_live_32adf..." \
3 --header "Content-Type: application/json" \