Skip to main content


The Identity Cloud API uses access keys to authenticate requests. You can view and manage your access keys in the Management Console under Settings > Access keys. Identity Cloud expects the access key to be included in all API requests to the server in a header as the following:

Authorization: Bearer $accessKey

For the example requests below to work, run the following snippet and paste your access key value to be set in the variable $accessKey.

read -s accessKey
  • All calls to the API must be authenticated using an Authorization Bearer Token header.
  • All API requests must be made over HTTPS. Calls made over plain HTTP will fail.
  • API requests without authentication will also fail.

Your access keys carry many privileges, keep them secure! Do not share your secret access keys in publicly accessible areas such as GitHub or client-side code.