Authentication

Last modified: April 22, 2024

1 Introduction

Mendix APIs are secured by either API keys or personal access tokens (PATs). Both mechanisms allow clients such as a CI/CD pipeline to consume the platform APIs on behalf of the platform user who created the token. The benefit of a PAT compared to an API key is that the platform user can restrict the scope of delegated access to specific APIs during creation of the PAT. In the specific API document, you can find information about the mechanism used for the API.

The same privilege restrictions apply as for the user who created an API key or PAT. If the user has been deactivated, then the API keys and PATs that they created can no longer be used.

2 Authentication Using an API Key

2.1 Obtaining an API Key

To obtain a Mendix API key, follow the instructions in the API Keys section of Mendix Profile.

2.2 Using Authentication Headers

Use the following request headers to authenticate an API call:

Mendix-Username – the login name of the requesting user with the required privileges in the Mendix Platform
Mendix-ApiKey – the API key of this user

For an example, see one of the Request sections in Deploy API – Version 1.

3 Authentication Using a PAT

The benefit of a PAT compared to API keys is that the platform user can restrict the scope of delegated access to specific APIs, by selecting the correct scopes during creation of the PAT.

3.1 Generating a PAT

To generate a PAT, follow the instructions in the Personal Access Tokens section of Mendix Profile. Make sure that you select the correct scopes for the PAT that you generate. You can find the correct scopes in the specific API document.

3.2 Using the PAT

Include an Authorization header with the value MxToken {GENERATED_PAT} to authenticate an API call. For an example, see the Using the PAT section of the Webhooks API.

Feedback

Was this page helpful?

Glad to hear it! Thank you for your response.

Sorry to hear that. Please tell us how we can improve.