API Tokens
Available on: Enterprise Edition>= 0.15.0
How to manage API tokens in Kestra.
What is an API token
API tokens are used to authenticate API requests to the Kestra API. You can create an API token for a user or a service account.
Where you can use API tokens
API tokens are used anytime you want to grant programmatic access to the Kestra API. To authenticate your custom API calls, you can pass a bearer token to the request header. For example, you can use API tokens to authenticate with the Kestra API from a CI/CD pipeline or from a custom application.
Currently, we support API tokens as authentication mechanism for the following services:
How to create a User API token
To create an API token, navigate to the person icon in the top right corner of the Kestra UI and click on Get a token.
Once in your profile, click on + Create API Token in the Manage your API Tokens section.
Fill in the form with the required information including the Name, Description, and Max age. Once satisfied, click Generate:
Note: you can configure the token to expire after a certain period of time or to never expire. Also, there is a toggle called Extended that automatically prolongs the token's expiration date by the specified number of days (Max Age) if the token is actively used. That toggle is disabled by default.
Once you confirm the API token creation, the token will be generated and displayed in the UI. Make sure to copy the token and store it in a secure location as it will not be displayed again.
How to create a Service Account API token
To create an API token for a Service Account, navigate to the Administration section and click on the Service Accounts page.
Then, go to the API Tokens tab and click on the Create button:
Fill in the form with the required information including the Name, Description, and Max age. Once satisfied, click Generate:
Note: same as for a user token, you can configure the token to expire after a certain period of time or to never expire. Also, there is a toggle called Extended that will automatically prolong the token's expiration date by the specified number of days (Max Age) if the token is actively used. That toggle is disabled by default.
Once you confirm the API token creation via the Generate button, the token will be generated and displayed in the UI. Make sure to copy the token and store it in a secure location as it will not be displayed again.
How to use an API token in an API request
To authenticate your custom API calls, you can pass a Bearer token to the request's Authorization header. Here is an example that will trigger a flow execution using the Kestra API:
curl -X POST http://localhost:8080/api/v1/executions/dev/hello-world \
-H "Authorization: Bearer YOUR_API_TOKEN"
Was this page helpful?