In every API call you make to Spotinst API, you must include Authentication token to authenticate yourself. There are two kinds of tokens you can use:

  • Personal Access Token
  • Temporary Access Token
WARNING: Do not share your personal access token or your application secret with anyone outside your organization. Please contact our support if you’re concerned your token has been compromised.

Permanent Access Token

Personal Access Tokens are a useful mechanism for accessing the API. You can create many, but not unlimited, personal access tokens (It is recommended to add description to each token)

You can create personal tokens from Spotinst Spotinst Console.


Temporary Access Token

The temporary access token is valid for 2 hours (7200 seconds).

You can create personal tokens by using the below command:

$ curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'username=<USERNAME>&password=<PASSWORD>&grant_type=password&client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>'

The request will return the accessToken – Use this token when making calls to Spotinst API

Remember to keep your tokens secret, treat them just like passwords! They act on your behalf when interacting with the API. Don’t hardcode them into your programs; instead, opt to use them as environment variables.