The availability of features may depend on your plan type. Contact your Customer Success Manager if you have any questions.

Dev GuideAPI Reference
Dev GuideAPI ReferenceUser GuideLegal TermsProduct feedbackGitHubNuGetDev CommunitySubmit a ticketLog In

Personal access token

Generate your personal access token from the Optimizely application and use it to authenticate with the REST API.

Optimizely's REST API lets you create and manage Optimizely Web Experimentation projects and experiments and analyze results from other applications.

For example, our partners and technology partners use the REST API to:

  • Create audiences based on information collected from your Data Management Platform
  • Manage Optimizely Web Experimentation projects from an internal system
  • Pull results data into an internal dashboard or results widget
  • Send email alerts when certain results are achieved

To use the Optimizely API (2.0), you need to authenticate by generating an API token.

Collaborator role permissions

Administrators can generate and revoke personal tokens for all other users in their accounts. Here are a few more details about personal tokens by Optimizely collaborator role


  • Generate personal tokens for any collaborator in the Optimizely account they administer
  • Revoke personal tokens generated for any collaborators in their account, at any time
  • View a list of all active tokens in an account 

Editors, Project Owners, and Viewers

  • Generate personal tokens for themselves
  • Revoke their own personal tokens, at any time
  • View the active tokens that they have generated for themselves

Generate a token

To generate a personal token in Optimizely:

  1. Go to Profile > API Access and click  Generate New Token.

  2. Enter a token name and click Create.

  3. If you are an administrator, you can create tokens for other collaborators on the account. Use the dropdown menu to select a collaborator. If you are not an administrator for the account, you can only generate a personal token for yourself.

  4. Copy the token.

For security purposes, when you navigate away from the API Access tab, the token will no longer be visible when you return. If you need a token, generate a new one.

Keep your tokens secret; treat them like passwords! If you need a new one, revoke or delete the token and generate another.

Revoke a token

Revoking a token permanently removes it, so you can no longer use it to connect to the Optimizely API (2.0). If you are an administrator, you can revoke any personal token attached to the account. If you are not an administrator for the account, you can only revoke the tokens that you generate for yourself.

To delete a token:

  1. Go to Profile > API Access.
  2. Under Personal Access Tokens, click Revoke.
  3. Click Delete Token to confirm. You cannot undo this action.

Authenticate with your access token

To authenticate, use a token generated from the instructions above in the request header, as shown in the example below. All API request examples in this documentation use the same header.

curl -H "Authorization: Bearer abcdefg123456" \

You can also write applications that authenticate with the Optimizely API (2.0) via OAuth 2.0. For more details on connecting applications via OAuth 2.0, refer to our OAuth 2.0 documentation.

Using the wrong token will fail with error 403 - Authentication Failed. If you forget to add the token or set the token on the wrong header/on the body, the request will fail with 401 - Unauthorized.