API Access token
API Access Token is a unique identifier assigned to a particular project or several projects in your account. It authenticates your account for managing your projects via the API, including account modifications, sending messages, editing projects, etc.
API Access token types
Section titled “API Access token types”Pushwoosh provides two different API Access Token types: Server and Device.
Each token type is only valid for its specific API scope. An authentication error will occur if the incorrect token is used.
Server API token
Section titled “Server API token”The Server API token is used with all API methods, except those under the Device API. It should be included in the request body in the auth
field.
Device API token
Section titled “Device API token”The Device API token is used exclusively with Device API methods. It should be included in the HTTP request headers using the Authorization
header.
Below is an example of the correct header format:
Authorization: Token <device_api_token>
Replace <device_api_token>
with your actual Device API Token value.
Create and manage API Access tokens
Section titled “Create and manage API Access tokens”You can view, create, and manage your API Access tokens in the API Access section of the Pushwoosh Control Panel. To access it, go to Settings → API Access.
By default, each account includes a token called Pushwoosh Demo App, which is set up as a server token.
Create a new API Access token
Section titled “Create a new API Access token”To create a new API Access token:
Go to the API Access section in the Control Panel.
Click Generate New Token.
In the window that appears, choose the token type:
Enter a name for the token.
Click Generate to create the token.
Important: Be sure to give the token access to the right app in your Pushwoosh Control Panel. Learn more
The new token will appear in the API Access list. From there, you can copy its value for use in API requests or manage its access permissions as needed.
Manage a token
Section titled “Manage a token”To manage an existing API token, click the three-dot menu (⋮) next to the token entry in the API Access section.
The following options are available:
Grant access to all projects
Section titled “Grant access to all projects”Gives the token access to all projects in your account. This allows it to fully use the API across all projects.
Revoke access from all projects
Section titled “Revoke access from all projects”Removes the token’s access to all projects in your account. The token will no longer be able to use the API until access is given again.
Edit token
Section titled “Edit token”Opens the Edit API Token Permissions screen, where you can:
Change the token name
Copy the token value
Choose which projects the token can access by selecting or unselecting them in the list
After you finish making changes, click Save to apply them.
Delete token
Section titled “Delete token”Permanently removes the token from your account.
Authorizing API requests
Section titled “Authorizing API requests”To authorize API requests, use the correct type of API Access token based on the type of API method you are calling:
For Server API methods
Section titled “For Server API methods”Include the token in the “auth” field of the request body: Example:
{ "request": { "application": "XXXXX-XXXXX", "auth": "yxoPUlwqm…………pIyEX4H", // paste your server token here "notifications": [{ "send_date": "now", "content": "Hello world" }] }}
For Device API methods
Section titled “For Device API methods”Use the Device token. Include it in the HTTP request header using the following format:
Authorization: Token <device_api_token>
Replace <device_api_token>
with your actual token value.