Skip to main content
All API requests must be authenticated using an API token passed in the x-api-key header.
curl https://api.beta.ontoto.com/v1/devices \
  -H "x-api-key: <your-token>"

Generating a token

  1. In the Ontoto Dashboard sidebar, navigate to Developer → API Tokens.
  2. Click Create Token.
  3. Enter a name and optional description for the token.
  4. Set an expiry date.
  5. Choose an access scope.
  6. Click Create Token.
The token value is displayed once immediately after creation. Copy and store it securely; it cannot be retrieved again.

Access scopes

Tokens currently grant read-only access. Write access may be added in the future for programmatic device management. When creating a token, you choose one of two access modes:

All devices, groups, and sites

Grants read access to every device, device group, and site in your organisation.

Scoped access

Grants read access only to the specific resources you select. You can mix and match across three resource types:
Resource typeDescription
DeviceA single device, identified by serial number
Device groupA named group of devices
SiteA site that devices are assigned to
Permissions cannot be changed after a token is created.

Managing tokens

ActionDescription
RegenerateIssues a new token value with a new expiry date. The old token is immediately invalidated.
DeletePermanently revokes the token. This cannot be undone.