Skip to main content
Version: Next


Most requests of the Public REST API need to include a bearer token as an Authorization request header.

Given a valid token mySecret, the header would need to be set as follows:

Authorization: Bearer mySecret

The token used to access the Optimize API can be a configurable shared secret (except in Camunda 8 SaaS mode) or a JWT compliant with the OAuth2 Protocol (all modes).

Refer to Public API Configuration for the particular configuration to access the public API using a token.

How to obtain the access token for Camunda 8

You must obtain a token to use the Optimize API. When you create an Optimize client, you get all the information needed to connect to Optimize.

See our guide on building your own client.

The following settings are needed:

NameDescriptionDefault value
client idName of your registered client-
client secretPassword for your registered client-
audiencePermission name; if not given use default
authorization server urlToken issuer server-

Send a token issue POST request to the authentication server with the following content:

"client_id": "<client-id>",
"client_secret": "<client-secret>",
"audience": "<audience>",
"grant_type": "client_credentials"

See the following example with curl:

curl -X POST --header 'content-type: application/json' --data '{"client_id": "<client-id>", "client_secret":"<client-secret>","audience":"<audience>","grant_type":"client_credentials"}' https://<authorization server url>

If the authentication is successful, the authentication server sends back the access token, when it expires, scope, and type:

"access_token": "ey...",
"scope": "...",
"expires_in": 86400,
"token_type": "Bearer"

Use it in Postman

Work with this API in our Postman collection.