Skip to main content

Overview

All Caspen API requests use bearer token authentication. Include your token in the Authorization header on every call.

Bearer token authentication

curl https://api.caspen.com/v1/clients \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Accept: application/json"
Bearer tokens provide the same access as the issuing account. Store them securely and rotate them if you suspect compromise.

Getting your token

  1. Sign in to the Caspen dashboard as an account owner.
  2. Go to Settings -> API keys.
  3. Create a new token and copy it immediately.
  4. Store the token in a secure secret manager or environment variable.
Tokens do not expire automatically. Revoke and regenerate them from the dashboard whenever you need to change access.

Implementation tips

  • Send requests over HTTPS (TLS 1.2 or higher).
  • Never embed tokens in client-side code or logs.
  • Use separate tokens for different services or environments to simplify rotation.
Refer to the Security guide for more hardening recommendations.