Authentication
All Onsomble API requests require authentication using Bearer tokens.
Getting Your Token
Go to Settings
Navigate to Settings → API Keys in your Onsomble account.
Generate a token
Click Create New API Key and give it a descriptive name.
Copy and store securely
Copy the token immediately — it won’t be shown again.
Warning
Treat your API token like a password. Never share it publicly or commit it to version control.
Using Your Token
Include the token in the Authorization header of all requests:
curl -X GET "https://api.onsomble.ai/api/notebooks" \
-H "Authorization: Bearer YOUR_API_TOKEN"Token Security
Best Practices
- Use environment variables — Never hardcode tokens in your code
- Rotate regularly — Generate new tokens periodically
- Minimum scope — Create separate tokens for different applications
- Monitor usage — Check API logs for unexpected activity
Revoking Tokens
If a token is compromised:
- Go to Settings → API Keys
- Find the compromised token
- Click Revoke
- Generate a new token
Error Responses
| Status | Code | Description |
|---|---|---|
| 401 | UNAUTHORIZED | Missing or invalid token |
| 403 | FORBIDDEN | Token valid but insufficient permissions |
Example Error
{
"error": {
"code": "UNAUTHORIZED",
"message": "Invalid or expired API token"
}
}Learn More
Last updated on