Skip to content

API Access token

API Access Token is a unique identifier assigned to a particular project or several projects in your account. It authenticates your account for managing your projects via the API, including account modifications, sending messages, editing projects, etc.

API Access token types

Pushwoosh provides two different API Access Token types: Server and Device.

Each token type is only valid for its specific API scope. An authentication error will occur if the incorrect token is used.

Server API token

The Server API token is used with all API methods, except those under the Device API. It should be included in the request body in the auth field.

Device API token

The Device API token is used exclusively with Device API methods. It should be included in the HTTP request headers using the Authorization header.
Below is an example of the correct header format:

Authorization: Token <device_api_token>

Replace <device_api_token> with your actual Device API Token value.

Create and manage API Access tokens

You can view, create, and manage your API Access tokens in the API Access section of the Pushwoosh Control Panel. To access it, go to Settings → API Access. Pushwoosh Demo App token

By default, each account includes a token called Pushwoosh Demo App, which is set up as a server token.

Create a new API Access token

To create a new API Access token:

  1. Go to the API Access section in the Control Panel.

  2. Click Generate New Token.

  3. In the window that appears, choose the token type:

    • Server used for most API methods (excluding Device API methods).

    • Device used for Device API methods only.

  4. Enter a name for the token.

  5. Click Generate to create the token.

Generate a New Token

The new token will appear in the API Access list. From there, you can copy its value for use in API requests or manage its access permissions as needed.

Manage a token

To manage an existing API token, click the three-dot menu (⋮) next to the token entry in the API Access section.

Manage a token

The following options are available:

Grant access to all projects

Gives the token access to all projects in your account. This allows it to fully use the API across all projects.

Revoke access from all projects

Removes the token’s access to all projects in your account. The token will no longer be able to use the API until access is given again.

Edit token

Opens the Edit API Token Permissions screen, where you can:

  • Change the token name

  • Copy the token value

  • Choose which projects the token can access by selecting or unselecting them in the list

Manage a token

After you finish making changes, click Save to apply them.

Delete token

Permanently removes the token from your account.

Authorizing API requests

To authorize API requests, use the correct type of API Access token based on the type of API method you are calling:

For Server API methods

Include the token in the “auth” field of the request body: Example:

{
"request": {
"application": "XXXXX-XXXXX",
"auth": "yxoPUlwqm…………pIyEX4H", // paste your server token here
"notifications": [{
"send_date": "now",
"content": "Hello world"
}]
}
}

For Device API methods

Use the Device token. Include it in the HTTP request header using the following format:

Authorization: Token <device_api_token>

Replace <device_api_token> with your actual token value.