API Authentication

How to authenticate your device or app before interacting with our API

David Sepúlveda avatar
Written by David Sepúlveda
Updated over a week ago

Ubidots API access can be done over HTTP or HTTPS, using the following URLs:


The relative path prefix /v1.6/ indicates that we are currently using version 1.6 of the API.

Every request requires a TOKEN. The easiest way to get yours is clicking on “API Credentials” under your profile tab:

All API calls below will only accept your TOKEN. Don’t try to use your API Key, it won’t work!

How to use your TOKEN

You can send your TOKEN in the HTTP URL or HTTP Headers:

  • Http Request with token in URL

GET /api/v1.6/variables?token=MtRbM7ipKUsjRh6RwJE0ofIQo0KqoG HTTP/1.1
Host: industrial.api.ubidots.com
  • Http Request with token in headers

GET /api/v1.6/variables HTTP/1.1
Host: industrial.api.ubidots.com
X-Auth-Token: MtRbM7ipKUsjRh6RwJE0ofIQo0KqoG

Both requests are equivalent.

What is the API Key for?

You may have noticed there are two types of keys in your Ubidots account:

  • Tokens: Temporary and revocable keys to be used in your API requests.

  • API Key: This is your “Master Key”; a unique and immutable key that is used only to generate tokens through the API.

Tokens created through the API will expire after 6 hours if not used. This is a  security measure that is useful for apps that need a new token every time a request will be made. This way, if the communication were intercepted, only a temporary token would be compromised, not risking the security of your sensor data.

On the other hand, tokens created from your account profile will never expire. These are handy to prototype your IoT solution since you won't require an extra request in your code in order to get a token.

To create tokens through the API, a POST request to this URL may be used:

Did this answer your question?