Get the bearer token to make API calls.


Authentication is a mandatory process of verifying your identity as an UP42 user. Access to UP42 services is allowed or denied based on the identity of the requester. The UP42 API uses bearer authentication.

The UP42 platform relies on the following structure: Project > Workflow > Block > Job. Once the user creates a project, the access token will be generated as a cryptic string based on the project's credentials: the project ID and project API key. The access token is thus called a project token.

Each API call is made at project level. If you wish to switch the project, you need to generate a new project token with the credentials from the project of your choice.


For the API calls, we recommend using several third party tools (see table below).

cURLcommand-line HTTP client for getting or sending data using URL syntax.
jqlightweight command-line tool for processing the JSON syntax.
jwt-clicommand-line tool for decoding the project token. This token is based
on JSON Web Tokens and uses a Hashed Message Authentication Code
(HMAC) based on SHA-512.

Get project credentials

To generate the project ID and project API key, please follow the steps below:

  1. If you do not have an UP42 account, register here.
  2. After registering, create a project on the console and locate the project credentials here.
  3. Create two project variables. In this example, we used the variables PROJ (project ID) and PKEY (project API key).

Get bearer token

After the project variables have been created, get the bearer token (also known as project token):

PTOKEN=$(curl -sX POST "https://$PROJ:$PKEY@api.up42.com/oauth/token" \
-H 'Content-Type: application/x-www-form-urlencoded' -d \
'grant_type=client_credentials' | jq -r '.data.accessToken')

Please note that the token is valid for 5 minutes. To get a new token, recall the command by typing !PTOKEN.

Now that you have access to the UP42 services, you can proceed with one of the following guides: