- Home
- Resources
- APIs
- Authentication
- Personal Token
Personal access token
To access the OpenAIRE APIs with better rate limits you can use your personal access token.
How to create your personal access token
To create your personal access token:- Login to OpenAIRE. In case you are not already a member you will need to register first.
- Go to your personal access token page to get your personal access token.
Your access token is valid for an hour.
Do not share your personal access token. Send your personal access token over HTTPS.
How to use your personal access token
To access the OpenAIRE APIs send your personal access token using the Authorization header.
GET https://api.openaire.eu/{resourceServicePath} Authorization: Bearer {ACCESS_TOKEN}
An hour is not enough? What to do.
To prolong your access to our APIs you can use a refresh token that allows you to programmatically issue a new access token.
To get your refresh token:
- Login to OpenAIRE. In case you are not already a member you will need to register first.
- Go to your personal access token page and click the "Get a refresh token" button to get your refresh token.
Please copy your refresh token and store it confidentially. You will not be able to retrieve it. Do not share your refresh token. Send your refresh token over HTTPS.
Since the OpenAIRE refresh token expires after one month, when a client gets a refresh token, this token must be stored securely to keep it from being used by potential attackers. If a refresh token is leaked, it may be used to obtain new access tokens and access protected resources until a new one is issued or it expires.
To get a personal access token using your refresh token you need to make the following request:
https://services.openaire.eu/uoa-user-management/api/users/getAccessToken?refreshToken={your_refresh_token}
The response has the following format
{ "access_token": "...", "token_type":"Bearer", "refresh_token": "...", "expires_in": ..., "scope":"...", "id_token":"..." }
Error Messages
Missing Refresh Token
{ "status" : "error", "code" : "400", "message" : "Bad Request", "description" : "Missing refreshToken parameter" }
Invalid Refresh Token
{ "status" : "error", "code" : "401", "message" : "Unauthorised", "description" : "Invalid refreshToken token" }
Need more access?
Please register a service.