Skip to main content
Feedback

Platform API Tokens overview

API tokens allow users to authenticate calls to the Platform APIs and Partner APIs.

To create and use API tokens on your user account, you must have the API Access privilege and the API Token feature must also be enabled in Settings > My User Settings > Platform API Tokens.

Introduction to API tokens

API tokens are an alternative to using your user name and password credentials to authenticate calls to the Platform API and Partner API. API tokens provide the ability for users, including single-sign on (SSO) users or those with two-factor authentication enabled on their accounts, to create automated processes that utilize APIs without having to program, store, or transmit their username and password credentials.

You can generate up to 5 tokens on their user account. Users can add, revoke, disable, enable, or rename their API tokens using the Boomi Platform API Tokens page in Settings. Tokens, represented as a string of alphanumeric characters, are always associated with the user who created them and cannot be updated. API tokens should be treated like passwords, and should not be shared among other users. Account administrators can manage all API tokens generated by users that belong to an account.

Creating API tokens

Use the following steps to add up to 5 unique API tokens on your user account. Once the token is generated, you will no longer have the ability to view or copy the full token value for security reasons. Therefore, it is important to safely and securely store your token for later use.

  1. Select Settings > My User Settings and click the Platform API Tokens tab.

    If you have one or more API tokens created on your user account, you will see each token listed with their name, date created, and status details.

  2. Click Add New Token.

    The New API Token dialog opens and prompts you to enter a name for the new token.

  3. Enter a name for the new token, and click Generate Token. Each token must have a unique name as they are used for identification purposes when making API calls. Token names are limited to 100 characters.

    The New API Token screen opens and prompts you to copy your newly generated API token.

  4. To copy the new token to your clipboard, do one of the following:

    • Click the Copy to Clipboard icon to copy the token string without exiting. A message displays stating that the value has been copied to your clipboard. When you are ready to close the dialog, click the Copy to Clipboard & Close button.
    • Click the Copy to Clipboard & Close button to copy the token string and exit the dialog.

  5. Store your new API token in a secure location. Boomi recommends that you treat your tokens with the same level of security as you would a password.

Your new token is now generated, and you can view its details on the Platform API Tokens page.

Renaming tokens

  1. Select Settings > My User Settings and click the Platform API Tokens tab.

  2. In the list, click the Action icon next to the API token you want to rename.

    • The Edit Platform API Token name dialog opens.

    • In the Name field, enter a new name for your API token. Token names are limited to 100 characters.

    note

    The new name must be unique to existing API token names in the list, otherwise the dialog will not save.

    • Click the Save button to save the new token name, or click Cancel to exit without saving changes.

Using Platform API Tokens in your API call

Boomi highly encourages users to replace instances of their username and password credentials in their Platform and Partner API calls with an API token where applicable. To use the API token in an Platform API or Partner API connector call, change the Authentication Type to API Token in your connection, and then enter your user name in the User Name field as normal and the API token's number in the API Token field. To make a call to the Platform API or Partner API using an API token in any other case, replace the <username:password> value in the Basic Auth header of your API calls with BOOMI_TOKEN.<username>:<token_value>.

SSO users can make Platform and Partner API calls without having Administration privileges by utilizing API tokens. Additionally, users with two-factor authentication (2FA) enabled on their account can authenticate their API calls using a single API token, rather than needing to enter authentication codes generated by their Time-based One Time Password application.

For example, the following shows a user using an API token to authenticate a GET request made to the Audit Log object:

curl --user "BOOMI_TOKEN.user@boomi.com:123aab45-67b8-9012-3a45-67c8e9e01e23" --request GET 'https://api.boomi.com/api/rest/v1/account123/AuditLog/documentId-321'

For more information about authenticating Boomi Platform API and Partner API calls, see Related References.

On this Page