# API Token

### Create a Token

In order to access the Select Star API, you'll need to first generate a token.

In your Account Settings page, under `Client API Token`, click on `Manage API Tokens` :

![](https://3470314135-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MgAiVthA_yg9UXKuhyY%2Fuploads%2Fgit-blob-7fc92de9b97b09f15eaf095168ca061e3e9eb65a%2FScreen%20Shot%202021-09-09%20at%203.30.39%20PM.png?alt=media)

Then, in the modal, click on the `Create` button.

![](https://3470314135-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MgAiVthA_yg9UXKuhyY%2Fuploads%2Fgit-blob-67cfa49e8998ee45266e1f4392283da4aab66a6f%2FScreen%20Shot%202021-09-09%20at%203.29.38%20PM.png?alt=media)

Copy the text in the `API Token` field to use as the token in API requests.

![](https://3470314135-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MgAiVthA_yg9UXKuhyY%2Fuploads%2Fgit-blob-06bbf2e71246b285d935a0d67d882412b223f6f4%2FScreen%20Shot%202021-09-09%20at%203.29.59%20PM.png?alt=media\&token=b6d68123-c04a-41e6-9191-f6185652ca7c)

API tokens have no expiration, but they can be deleted and then recreated manually.

### Making Authenticated Requests

All Select Star API endpoints require authentication, so the token must be included it in all requests. Set the `Authorization` header for bearer authentication like the following:

```
Authorization: Token <token>
```

{% hint style="warning" %}
Please note that for authorization type, you must use **`Token`** and not `Bearer`
{% endhint %}

For example, in `curl`, set the header using the `-H` flag:

```
curl https://api.production.selectstar.com/v1/tables/ -H "Authorization: Token <your_token>"
```

If the token is missing or invalid, the endpoint will return `401: Unauthorized` with one of the following messages in the body:

```
{
    "detail": "Authentication credentials were not provided."
}
```

```
{
    "detail": "Given token not valid for any token type",
    "code": "token_not_valid",
    "messages": [
        {
            "token_class": "AccessToken",
            "token_type": "access",
            "message": "Token is invalid or expired"
        }
    ]
}
```