Version: 8.9 (unreleased)

Authentication

warning

The Zeebe REST API is deprecated. While it continues to function, new development should use the Orchestration Cluster REST API by referencing the Orchestration Cluster REST API migration documentation.

The Zeebe REST API uses the same authentication mechanism as the Orchestration Cluster REST API.

If your environment uses OIDC-based authentication, obtain an access token following Using a token (OIDC/JWT).

If no authentication is configured (for example, for local development), see No authentication (local development).

When making requests to Zeebe, replace the base URL used in examples with your Zeebe API URL.

Example:

curl -X POST "$ZEEBE_BASE_URL/v1/process-instances" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"bpmnProcessId": "order-process", "variables": {"orderId": "12345"}}'

Token expiration

Access tokens expire according to the expires_in property of a successful authentication response. After this duration, in seconds, you must request a new access token.

Token expiration​

Token expiration