Skip to main content
The Vantage API authenticates all requests with an API access token. Tokens are required to ensure stability of the API and enforce rate limiting. If you do not include a token along with a request or pass an incorrect value, an error is returned within the API response.
Keep your token in a safe place; do not share it.

Create a Vantage API Service Token

Service tokens are associated with an account, not with an individual user. These tokens ensure that any changes to specific users within your Vantage account will not disrupt automated workflows.
All Service Tokens created in non-Enterprise accounts are assigned to the Everyone team.
For Enterprise customers who use Teams and Role-Based Access Control, tokens can be attached to specific teams and will inherit the permissions from their associated team. Users with Organization Owner or Team Owner permissions can create API service tokens.
Best Practice for Kubernetes and Terraform: Service tokens used for the Kubernetes agent or Terraform provider should be assigned to the Everyone team. This is required for organization-level actions such as managing provider integrations and creating teams. Service tokens assigned to other teams will not have the necessary permissions for these organization-level operations, which can result in authorization errors.
To generate an API service token:
1
On the left navigation of the Settings screen, select API Access Tokens.
2
Enter a new token name, choose a team (Enterprise accounts), select the Read and/or Write scope, and click Create.
3
Click Show to reveal and copy your token.
To revoke a token, click Delete.

Create a Vantage API Personal Access Token

Personal access tokens are associated with the user who created the token. To generate an API personal access token:
1
On the left navigation of the Settings screen, select API Access Tokens, then navigate to the Personal Access Tokens tab.
2
Enter a new token name, select the Read and/or Write scope, and click Create.
3
Click Show to reveal and copy your token.
To revoke a token, click Delete.

Choose the Right Token

Use the following guidance when deciding which token type to use:
Token typeBest forNotes
Service tokenShared automation, background jobs, CI pipelines, and long-lived integrationsIn Enterprise accounts, the token inherits the permissions of its assigned team.
Personal access tokenInteractive testing, local scripts, and requests that should run with an individual user’s accessThe token’s access follows the user who created it.
In Enterprise accounts, a token can only access the workspaces and items available to its team. If an automation needs organization-level access, such as managing provider integrations, assign the service token to the Everyone team. See the RBAC permissions reference.

Use Your Access Token in a Request

Pass your access token through the Authorization header of a request: 
curl --request GET \
  --url https://api.vantage.sh/v2/cost_reports \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer <YOUR TOKEN>'