To use Skyflow's Management API, Data API, or SDKs, you need a bearer token to authenticate your API calls. Bearer tokens allow time-limited, scoped, and permission-sensitive access to your Skyflow account and the vaults it contains.

Info: Skyflow's bearer tokens match the RFC's Authorization Bearer Token Header specification.


    Sign in to your Skyflow account:

      For sandbox and production environments, use your dedicated sign-in URL.

    If you don't have an account, sign up for a free trial account.

    Create a vault

Generate a bearer token

You can generate a bearer token with an SDK or (if you're in a trial environment) through Skyflow Studio.

Use an SDK

When you integrate your backend systems with one of Skyflow's SDKs, you can use service account credentials to generate bearer tokens. Bearer tokens generated from SDKs are valid for 60 minutes and let you make API calls allowed by the policies associated with the service account.

Step 1: Create a service account

A service account is an identity for machine access to your vault. A service account's roles, and the policies attached to those roles, decide the level of access a service account has to a vault.

If you already have a service account, skip to step 2.

Info: You must have Vault Owner permissions to create a service account.

    In Studio, click Settings in the upper navigation.
    In the side navigation, click Vault, then choose the vault you want to create a service account for from the dropdown menu.
    Under IAM, click Service Accounts, then click New Service Account.
    For Name, enter a value. For example, "Authentication".
    For Roles, select Vault Editor.
    Click Create.

Your browser downloads a credentials.json file. Store this file in a secure location. You'll need it to generate bearer tokens.

Step 2: Install the SDK

Now that you have your credentials.json file, it's time to prepare the SDK in the language of your choice.

Make sure your project is using Go Modules:

go mod init

Then reference skyflow-go in a Go program with import:

import (
  saUtil ""
  Skyflow ""
)

Step 3: Generate the bearer token

With the SDK installed, you can generate bearer tokens by passing your credentials.json file into an appropriate language-specific function.

The Go SDK has two functions that can take credentials.json and return a bearer token:

    GenerateBearerToken(filepath) takes the path to credentials.json as input.
    GenerateBearerTokenFromCreds(credentials) takes the body of credentials.json as a string as input.


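package main

import (
    saUtil ""
)

// bearerToken caches the most recently generated token between calls.
var bearerToken = ""

// GetSkyflowBearerToken returns the cached bearer token, generating a new
// one from credentials.json only when the cached token has expired.
func GetSkyflowBearerToken() (string, error) {
    filePath := "<PATH_TO_CREDENTIALS.JSON>"
    if saUtil.IsExpired(bearerToken) {
        newToken, err := saUtil.GenerateBearerToken(filePath)
        if err != nil {
            return "", err
        }
        bearerToken = newToken.AccessToken
    }
    return bearerToken, nil
}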

Once you have your bearer token, you can programmatically interact with Skyflow APIs. See next steps.
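The function above keeps the token in a package-level variable with no locking, so concurrent callers can race on it. As an added example (not Skyflow's SDK code), this cache serializes access and regenerates the token shortly before the 60-minute lifetime ends. The generate hook, the injectable clock, and the 5-minute margin are assumptions; in a real program generate would wrap the SDK call.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// TokenCache hands one cached bearer token to many goroutines and
// refreshes it shortly before the lifetime stated on this page runs out.
type TokenCache struct {
	mu       sync.Mutex
	generate func() (string, error) // hypothetical hook: wrap the SDK call here
	now      func() time.Time       // injectable clock (assumption, for testing)
	lifetime time.Duration          // 60 minutes for SDK-generated tokens
	margin   time.Duration          // refresh this long before expiry (assumption)
	token    string
	expires  time.Time
}

func NewTokenCache(gen func() (string, error), now func() time.Time) *TokenCache {
	return &TokenCache{generate: gen, now: now, lifetime: 60 * time.Minute, margin: 5 * time.Minute}
}

// Get returns the cached token, generating a new one only when none is
// cached or the cached one is within margin of expiring.
func (c *TokenCache) Get() (string, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if c.token != "" && c.now().Before(c.expires.Add(-c.margin)) {
		return c.token, nil
	}
	tok, err := c.generate()
	if err != nil {
		return "", err // a failed refresh never hands back the old token
	}
	c.token, c.expires = tok, c.now().Add(c.lifetime)
	return c.token, nil
}

func main() {
	calls := 0
	gen := func() (string, error) { // constructed stand-in, no network access
		calls++
		return fmt.Sprintf("constructed-token-%d", calls), nil
	}
	cache := NewTokenCache(gen, time.Now)
	first, _ := cache.Get()
	second, _ := cache.Get()
	fmt.Println(first, second, "generator calls:", calls)
}
```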

Use Studio

If you're in a trial environment, you can generate bearer tokens through Studio. Bearer tokens generated in Studio are valid for 24 hours and let you make API calls allowed by the policies associated with your account.

    In Studio, click your account icon and choose Generate API Bearer Token.
    Click Generate Token.

Studio copies the token onto your clipboard.

"Generating a bearer token in Studio."

Next steps

You can now use your bearer token to interact with Skyflow APIs.

If you're new to Skyflow, see the Get started guide. Otherwise, see the various ways you can use Skyflow APIs:
