Authentication

  • Updated on Oct 27, 2024
  • Published on Mar 23, 2023
  • 2 minute(s) read

Torq REST API uses bearer tokens to authenticate requests. Generate a bearer token by sending a request to the Torq authentication server. In the request to the authentication server, provide your Torq API key, which consists of a client ID and client secret. After a successful request to the authentication server, you'll receive a bearer token that you can pass in the Authorization header for all Torq API requests.

🗒️ NOTE
A bearer token is valid for one hour (3,600 seconds).

Create an API key

The API key consists of a client_id and client_secret. These credentials are used to authenticate when you request a bearer token.

API keys are workspace-specific. This means that requests are made on the workspace where the API key used to create the bearer token was created. Make sure the API key you're using to generate the bearer token was created in the workspace you want to run the requests on.

NOTE
Find more information on creating personal and service API keys here.
  1. In Torq, click your user icon/avatar.
  2. Click API Keys > Create API Key.
  3. Give the API key a meaningful name and click Create.
  4. Copy the Client ID and Client Secret to a safe place. You won't be able to access the Client Secret later.

Generate a bearer token

To generate a bearer token, send a request to the appropriate authentication endpoint: https://auth.torq.io/v1/auth/token or, for users on the eu.torq.io domain, https://auth.eu.torq.io/v1/auth/token. See the example request below.

IMPORTANT
If you're using the eu.torq.io domain, make sure to update the API base URL accordingly. Learn more.

Sample request - cURL

Replace <CLIENT_ID> and <CLIENT_SECRET> with the client ID and client secret you received when you created the API key.

curl POST https://auth.torq.io/v1/auth/token -H "Accept: application/json"  -H "Accept-Language: en_US"  -u "<CLIENT_ID>:<CLIENT_SECRET>"  -d "grant_type=client_credentials"

Sample response - cURL

The bearer token is the value of the access_token key.

You will pass this token in the authorization header for all API requests: Authorization: Bearer <token>.

{"access_token":"81b15ad9-****-2245-****-f05p37053b25","expires_in":3600,"token_type":"Bearer"}

Sample request - Torq

You can generate the bearer token in Torq by using the Send an HTTP Request step. You need to add a body field for the grant type.

FieldValue
URLhttps://auth.torq.io/v1/auth/token
MethodPOST
AuthorizationBasic
UsernameThe client_id you received when you created the API key.
PasswordThe client_secret you received when you created the API key.
Content typeapplication/x-www-form-urlencoded
Type
  • Name: grant_type
  • Value: client_credentials

Sample response - Torq

{
  "api_object": {
    "access_token": "8266095f-****-****-****-203a47f40c06",
    "expires_in": 3600,
    "token_type": "Bearer"
  },
  "headers": {
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Origin": "https://app.torq.io",
    "Cache-Control": "no-store",
    "Content-Length": "96",
    "Content-Type": "application/json;charset=UTF-8",
    "Date": "Mon, 21 Mar 2022 15:00:02 GMT",
    "Pragma": "no-cache",
    "Strict-Transport-Security": "max-age=15724800; includeSubDomains"
  },
  "status_code": 200,
  "step_status": {
    "code": 1,
    "message": "",
    "verbose": ""
  }
}