Skip to main content
All API requests require a Bearer token in the Authorization header. Tokens are scoped to your team and provide access to all brands within your account.

Getting Your API Token

1

Navigate to API Access

Go to your Team Management > API Access.
2

Create a new token

Click Create API Token and give it a descriptive name (e.g., “Marketing Dashboard”, “Data Warehouse”).
3

Copy and store securely

Your token will be shown only once. Copy it immediately and store it securely.
Keep your tokens secure! Never commit tokens to version control or share them publicly. If a token is compromised, revoke it immediately from Team Management > API Access.

Using Your Token

Include the token in the Authorization header with the Bearer prefix: 
curl -X GET "https://www.qwairy.co/api/v1/brands" \
  -H "Authorization: Bearer qw-api-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

Token Format

All Qwairy API tokens follow this format: 
qw-api-[32 hexadecimal characters]
Example: qw-api-a1b2c3d4e5f6789012345678abcdef01

Authentication Errors

Authentication failures return HTTP 401 with a flat body — error is a short status label and message explains the failure:
Conditionmessage
Missing or malformed Authorization header (not Bearer <token>)Missing or invalid Authorization header. Use: Authorization: Bearer qw-api-xxx
Invalid or revoked token, or plan below GrowthInvalid API token or insufficient subscription plan (Growth+ required)

Example Error Response

{
  "error": "Unauthorized",
  "message": "Missing or invalid Authorization header. Use: Authorization: Bearer qw-api-xxx"
}
See Error Codes for the full list of error shapes, including the nested shape used by resource (validation and not-found) errors.

Best Practices

Use Environment Variables

Store tokens in environment variables, not in code.
export QWAIRY_API_TOKEN="qw-api-xxx"

Create Descriptive Names

Name tokens by their purpose for easy management.

Rotate Regularly

Delete and recreate tokens periodically for security.

Use Separate Tokens

Create different tokens for different integrations.

Managing Tokens

You can manage your API tokens from Team Management > API Access:
  • View tokens: See all active tokens with their last usage date
  • Delete tokens: Revoke access immediately by deleting a token
  • Create new tokens: Generate new tokens as needed
There’s no limit to the number of tokens you can create, but we recommend keeping only the tokens you actively use.