Every API call made to Spotinst API must include an Authentication token to authenticate the user. There are two kinds available tokens:

  • Personal Access Token
  • Temporary Access Token
WARNING: Do not share your personal access token or your application secret with anyone outside your organization. Please contact our support if you’re concerned your token has been compromised.

Permanent Access Token

Personal Access Tokens are a useful mechanism for accessing the API. Each account can create many, but not unlimited, personal access tokens (It is recommended to add a description to each token)

To create personal tokens for Spotinst, go to the Spotinst Console.


Temporary Access Token

The temporary access token is valid for 2 hours (7200 seconds).

To create personal tokens use the following command:

$ curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'username=<USERNAME>&password=<PASSWORD>&grant_type=password&client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>' https://oauth.spotinst.io/token

The request will return the accessToken – Use this token to make calls to Spotinst API

Remember to keep your tokens secret, treat them just like passwords! They act on your behalf when interacting with the API. Don’t hardcode them into your programs; instead, opt to use them as environment variables.