Every request sent to Ubidots requires a token. A token is a unique key that authorizes requests sent to Ubidots.

Get an API token

There are two ways to get an API token:

1. In your account

The API token is found under the My Profile section on industrial.ubidots.com:

2. Through the API

A more secure way is to implement a logic in your device, gateway or external application to generate temporary tokens before every request, using your account's API key. Your API key can also be found in your account's "My Profile" section.

To generate tokens, make a request to this endpoint:




x-ubidots-apikeyYour API Key

Sample response

    "token": "BBFF-nQ5jCC445FfClcKLCQ55YhnTb2oh6knHsZO55JAvogLSrcHK7WxoPJU"

More information on how to obtain your token.

Using your token in API requests

There are two ways to send a token in a request:

  1. Sending the token in the Header (recommended):

  2. Sending the token as query parameter:

While sending your token as a query parameter might be more straightforward, we only advise doing so in prototyping stages as the token is visible and thus a lot less secure. For production stages, we strongly advise sending the token in the X-Auth-Token header.


Authentication without Header - Not Recommended!

While it is possible to send the authentication token as a query parameter, sparing the X-Auth-Token header, it is much less secure. Including a token -or any security credential- in a URL path will make it easily readable in router logs, browsers' history, and packet sniffers.

//Example Request to create a device with Token in the Header

curl -X POST 'https://industrial.api.ubidots.com/api/v2.0/devices/' \
 -H 'Content-Type: application/json' \
 -H 'X-Auth-Token: oaXBo6ODhIjPsusNRPUGIK4d72bc73' \
 -d '{}'
 //Example Request to GET all devices with Token sent as Query Parameter
 curl -X GET 'https://industrial.api.ubidots.com/api/v2.0/devices/?token=asdf657asdf675asdf876asdf' \