• 17 Oct 2023
  • 1 Minute to read
  • Dark


  • Dark

Article summary

Torq REST API uses bearer tokens to authenticate requests. You generate a bearer token by sending a request to the Torq authentication server. In the request to the authentication server you'll provide your Torq API key, which consists of a client id and client secret. After a successful request to the authentication server you'll receive a bearer token that you will pass in the Authorization header for all Torq API requests.

A bearer token is valid for one hour (3,600 seconds).

Create an API key

The API key consists of a client_id and client_secret . These credentials are used to authenticate when you request a bearer token.

API keys are workspace-specific. This means that requests are made on the workspace where the API key used to create the bearer token was created. Make sure the API key you're using to generate the bearer token was created in the workspace you want to run the requests on.

  1. In Torq, click your workspace icon/avatar.
  2. Click API Keys > Create API Key.
  3. Give the API key a meaningful name and click Create.
  4. Copy the Client ID and Client Secret to a safe place. You won't be able to access the Client Secret later.

Generate a bearer token

To generate the bearer token, send a request to the endpoint: . See the sample request below for the full request.

Replace <CLIENT_ID>_and _<_CLIENT_SECRET> with the client ID and client secret you received when you created the API key.

Sample request - cURL

curl POST -H "Accept: application/json"  -H "Accept-Language: en_US"  -u "<CLIENT_ID>:<CLIENT_SECRET>"  -d "grant_type=client_credentials"

Sample response - cURL

The bearer token is the value of the access_token key.

You will pass this token in the authorization header for all API requests: Authorization: Bearer <token> .


Sample request - Torq

You can generate the bearer token in Torq by using the Send an HTTP Request step. You need to add a body field for the grant type.

UsernameThe client_id you received when you created the API key.
PasswordThe client_secret you received when you created the API key.
Content typeapplication/x-www-form-urlencoded
  • Name: grant_type
  • Value: client_credentials

Sample response - Torq

  "api_object": {
    "access_token": "8266095f-****-****-****-203a47f40c06",
    "expires_in": 3600,
    "token_type": "Bearer"
  "headers": {
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Origin": "",
    "Cache-Control": "no-store",
    "Content-Length": "96",
    "Content-Type": "application/json;charset=UTF-8",
    "Date": "Mon, 21 Mar 2022 15:00:02 GMT",
    "Pragma": "no-cache",
    "Strict-Transport-Security": "max-age=15724800; includeSubDomains"
  "status_code": 200,
  "step_status": {
    "code": 1,
    "message": "",
    "verbose": ""

Was this article helpful?

What's Next
Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.