All Collections
PassKit API
Using Long-Lived API Tokens
Using Long-Lived API Tokens
Jesse Langford avatar
Written by Jesse Langford
Updated over a week ago

WARNING: A Long-Lived Token provides full and permanent API access to your account. It should only be used for integrating legacy systems that not able to consume using our SDKs and are unable to dynamically generate a JWT for each request.

If you are integrating via REST then we strongly recommend you authenticate using a JWT, as per this guide.

There are two ways you can obtain a long-lived API token:

Via the PassKit Portal

  1. Navigate to the program that you want to use

  2. Click on settings

  3. Click on integrations

  4. Click the Long Lived API Token button

  5. Provide your password when prompted

  6. Upon successful authentication, your token will be displayed

Via the API

You can also obtain a token by calling the login endpoint with a special request header.


HEADERS: x-passkit-longlived-token: true

BODY: { "username": "xxx", "password": "xxx" }

RESPONSE: { "token": "xxx" }

Long Lived Tokens are not Json Web Tokens. If you use a standard jwt library or a tool like to inspect the token it will fail.


To use your token, include it in your authorization header with a Bearer prefix to consume the REST API.

Authorization: Bearer token

Did this answer your question?