We make sure that only authorized users can make API calls!

Making secure calls to our REST API requires authentication and authorization. THEOlive makes use of token-secret pairs to authorize requests.

1. Getting a token-secret pair

To generate a token-secret pair, you should be registered for an account at Under the section "Tokens", click on the "Generate Token" button, and enter a name before clicking "Generate".


Generate token

This will give a pop-up which shows your token "key" and the corresponding secret.


Generated token and secret - save your secret now, it can't be retrieved in the future

Once you "Close" the pop-up window, the new token will be visible in your list of tokens.


Token list


Please store the secret

Make sure to store the secret somewhere, as this will be shown to you only once, and THEOlive only stores a hash of the secret, so it cannot be recovered afterward.

In case you forgot your secret, or the secret got exposed, you can easily regenerate a pair at all times.

2. Using the token-secret pair with Basic Authentication

THEOlive makes use of Basic Authentication when making requests to the API. In the 'Authorization' header, make sure to pass your token-secret pair (encrypted with base64), prepended with the word 'Basic'.

As an example, assume that your token has the value "my-token", and your secret has the value "my-secret". Then you can put them together like this: my-token:my-secret.

You subsequently encode this value using base64. Applying 'base64(my-token:my-secret)' will result in the following encoded string: 'bXktdG9rZW46bXktc2VjcmV0'

This string can then be used in combination with 'Basic' to pass in the 'Authorization' header:

Authorization: Basic bXktdG9rZW46bXktc2VjcmV0

You can now make requests to our THEOlive API in the name of your organization!


Basic Authentication with Postman

The guide Using Postman with THEOlive illustrates how to use the THEOlive token-secret pair in Postman.