Deskpro Developer Starter
  • Introduction
    • Introduction
  • Embeddables
    • Website Widget
    • Form Embed
  • API Basics
    • API Introduction
    • Auth
      • API Keys
      • API Tokens
        • OAuth
        • Token Exchange Endpoint
      • Access Control
    • API Reference
    • Request Format
    • Batch Requests
    • Sideloading
    • SDKs
  • Getting Started with the API
    • PHP
      • Initialize the client
      • Add a form
      • Create an article
      • Tickets
      • Methods
    • JavaScript
      • Initialize the client
      • Add a form
      • Create an article
      • Methods
Powered by GitBook
On this page
  1. API Basics
  2. Auth
  3. API Tokens

Token Exchange Endpoint

A simple way to get an API token is to use the api_tokens endpoint. This endpoint accepts an email address and password, and returns you an API token that you can use from that point forward.

This is an open API (so it doesn't require an API key to use). The purpose for this was originally to allow developers to use a custom login form. This is not very secure because your script needs to accept the user password and pass it on to the API -- so there's more surface area for things to go wrong and have a password leaked.

Additionally, this method does not work with any external auth providers you might set up in Deskpro (e.g. SAML, Google Apps, etc).

Here's an example

curl -X POST -H "Content-Type: application/json" \
    -d '{"email": "john@example.com", "password": "foobar"}' \
    http://example.com/api/v2/me
{
    "person_id": 5,
    "token": "X:XXX",
    ...
}

To use a token, use the Authorization header like you would with an API key except instead of the string "key" use the string "token":

curl -H "Authorization: token X:XXX" \
    http://example.com/api/v2/me
PreviousOAuthNextAccess Control

Last updated 3 years ago