Use an API Token for Authentication

Using browser-based authentication via an OpenID Connect (OIDC) Identity Provider may not be convenient if you want to use the GoodData Cloud Native (GoodData.CN) API from the command line or some application. For these use cases, you can issue an API token and then use it to access the GoodData.CN resources on behalf of the issuing user.

To use the API token, do the following:

  1. Generate the API token.
  2. Use the generated API token in HTTP requests.

Generate the API Token

To generate the API token, use one of the following methods:

  • Submit a POST request to /api/entities/users/{:userId}/apiTokens.

    In the Authorization header of the request, provide the value of a different token (another user’s API token or the $GDC_API_TOKEN).

    curl --request POST -H 'Content-type: application/vnd.gooddata.api+json' \
        -H 'Authorization: Bearer <other-token>' \
        -d '{"data":{"id":"mynewtoken","type":"apiToken"}' \ | \
      jq data.attributes.bearerToken
  • Use a valid authenticated session.

    1. Open a web browser with an authenticated session to the Organization’s pages.

    2. Open the browser’s Developer Tools.

    3. In the following command, replace {userId} with your actual user ID, and run the command in the JavaScript console:

      fetch('/api/entities/users/{userId}/apiTokens', {
      method: 'POST',
      body: JSON.stringify({
        data: {
          id: 'mynewtoken',  // provide a unique ID of the API token
          type: 'apiToken'
      headers: {
        'Content-type': 'application/vnd.gooddata.api+json'
      .then(res => res.json())
      .then(data => console.log(`Your new API token is ${}`));

The generated API token looks similar to the following:


Copy and store the API token. If lost, the API token cannot be retrieved, and you will have to generate a new one.

Use the Generated API Token in HTTP Requests

To authenticate using the API token, add the Authorization: Bearer $GDC_API_TOKEN header to your HTTP request.