Orbit offers two types of API tokens to authorize access to the API.
- You can find your API tokens on the Account Settings page.
- These tokens are associated to your own user account, activity via the API that uses this token will be attributed to you.
- You only have one token per user
- You can find Workspace API tokens on your Workspace Settings page (Workspace Owners only).
- These tokens are associated with your workspace.
- Activity via the API that uses these tokens will be attributed to the name you give the token when it is created.
- You can set up as many Workspace API tokens as you need, this helps to split up different services and allow for greater security.
- Only Orbit workspace owners can access and create new Workspace API tokens
It depends on your use case but a good example would be if an external service is going to be using the Orbit API on behalf of you, a user, then your personal token would be suitable for this.
If you are using a bot, or Zapier, or a service that multiple users have access to, a Workspace API token would be a better choice. You can set one up for every API integration you create, and have central control over revocation and regeneration of the token.
There is no difference in API functionality regardless of what token you use.
Our API expects that your API token is included in the
Authorization header of your API request.
We use Bearer Token Authentication. This means that you must format the content of your
Authorization header like this:
To try out API requests right from your browser here in the documentation, you need to enter
Bearer <your-user-or-workspace-api-token> inside the authorization prompt after clicking the "Try It" button on any API reference page.