HomeGuidesAPI Reference
Submit Documentation FeedbackJoin Developer CommunityOptimizely GitHubOptimizely NuGetLog In

Personal access token

Generate your personal access token from the Optimizely application and use it to authenticate with the REST API.

Optimizely's REST API lets you create and manage Optimizely projects and experiments and analyze results from other applications.

For example, our partners and technology partners use the REST API to:

  • Create Optimizely audiences based on information collected from your Data Management Platform
  • Manage Optimizely projects from an internal system
  • Pull results data into an internal dashboard or results widget
  • Send email alerts when certain results are achieved

To use the Optimizely REST API, you need to authenticate by generating an API token.

Collaborator role permissions

Administrators can generate and revoke personal tokens for all other users in their account. Here are a few more details about personal tokens, by Optimizely collaborator role

Administrators

  • Generate personal tokens for any collaborator in the Optimizely account they administer
  • Revoke personal tokens generated for any collaborators in their account, at any time
  • View a list of all active tokens in an account 

Editors, Project Owners, and Viewers

  • Generate personal tokens for themselves
  • Revoke their own personal tokens, at any time
  • View the active tokens that they have generated for themselves

Generate a token

To generate a personal token in Optimizely:

  1. Go to Profile > API Access and click  Generate New Token.

  2. Enter a token name and click Create.

  3. If you are an administrator, you can create tokens for other collaborators on the account. Use the dropdown menu to select a collaborator. If you are not an administrator for the account, you can only generate a personal token for yourself.

  4. Copy the token.

For security purposes, when you navigate away from the API Access tab, the token will no longer be visible when you return. If you need a token, generate a new one.

Keep your tokens secret; treat them like passwords! If you need a new one, revoke or delete the token and generate another.

Revoke a token

Revoking a token permanently removes it, so you can no longer use it to connect to the Optimizely API. If you are an administrator, you can revoke any personal token attached to the account. If you are not an administrator for the account, you can only revoke the tokens that you generate for yourself.

To delete a token:

  1. Go to Profile > API Access.
  2. Under Personal Access Tokens, click Revoke.
  3. Click Delete Token to confirm. You cannot undo this action.

Authenticate with your access token

To authenticate, use a token generated from instructions above in the request header, as shown in the example below. All API request examples in this documentation use the same header.

curl -H "Authorization: Bearer abcdefg123456" \
  "https://api.optimizely.com/v2/projects"

You can also write applications that authenticate with the REST API via OAuth 2.0. For more details on connecting applications via OAuth 2.0, refer to our OAuth 2.0 documentation.

Using the wrong token will fail with error 403 - Authentication Failed. If you forget to add the token or set the token on the wrong header/on the body, the request will fail with 401 - Unauthorized.