Using your token in API requests

Every request sent to Ubidots requires a token. A token is a unique key that authorizes requests sent to Ubidots.

Tokens valid for 6 hours and can be generated using your account’s API Key. The API token is found under the My Profile section on industrial.ubidots.com. More information about how to obtain your token.

There are two ways to send a token in a request:

Sending the token in the Header (recommended):
X-Auth-Token=token
Sending the token as query parameter:
?token=token

While sending your token as a query parameter might be more straightforward, we only advise doing so in prototyping stages as the token is visible and thus a lot less secure. For production stages, we strongly advise sending the token in the X-Auth-Token header.

🚧
Authentication without Header - Not Recommended!
While it is possible to send the authentication token as a query parameter, sparing the X-Auth-Token header, it is much less secure. Including a token -or any security credential- in a URL path will make it easily readable in router logs, browsers' history, and packet sniffers.

//Example Request to create a device with Token in the Header

curl -X POST 'https://industrial.api.ubidots.com/api/v2.0/devices/' \
 -H 'Content-Type: application/json' \
 -H 'X-Auth-Token: oaXBo6ODhIjPsusNRPUGIK4d72bc73' \
 -d '{}'
 
 
 //Example Request to GET all devices with Token sent as Query Parameter
 
 curl -X GET 'https://industrial.api.ubidots.com/api/v2.0/devices/?token=asdf657asdf675asdf876asdf' \

Get an API Token

There are two ways to get an API token:

1. In your account

The API token is found under the My Profile section on industrial.ubidots.com:

2. Through the API

A more secure way is to implement a logic in your device, gateway or external application to generate temporary tokens before every request, using your account's API key. Your API key can also be found in your account's "My Profile" section.

To generate tokens, make a request to this endpoint:

Request

HTTP Method	URL
`POST`	`https://industrial.api.ubidots.com/api/v1.6/auth/token`

Headers

Header	Value
`x-ubidots-apikey`	Your API Key

Sample response

{
    "token": "BBFF-nQ5jCC445FfClcKLCQ55YhnTb2oh6knHsZO55JAvogLSrcHK7WxoPJU"
}

3. Using OAuth2

For those building web or mobile applications on top of Ubidots, we support requesting API bearer tokens using OAuth2. Check out the OAuth2 section to learn more.