Skip to content

Authentication

Authenticated endpoints use bearer token authentication. You pass a token you generated in the app in the Authorization header of every request.

  1. Sign in to Updatify.
  2. Go to API tokens in the app.
  3. Create a new token, giving it a descriptive name (e.g. mobile-app or zapier) so you can tell your tokens apart later.
  4. Copy the token immediately — it is shown only once. Updatify stores only a hashed version and cannot display it again.

Send the token as a bearer credential in the Authorization header:

Authorization: Bearer YOUR_API_TOKEN

Example request:

Terminal window
curl https://updatify.io/api/v1/projects/PROJECT_ID/updates \
-H "Authorization: Bearer YOUR_API_TOKEN"

API tokens do not expire. A token stays valid until you explicitly revoke it (or until the account’s email address changes — tokens are bound to the email they were issued for, so changing it invalidates existing tokens).

Each token records a last used timestamp, so you can spot and revoke tokens that are no longer needed.

Delete a token from the API tokens page at any time. Revocation is immediate: the next request using that token returns 401 Unauthorised.

If the Authorization header is missing, malformed, or the token is invalid or revoked, the API responds with:

HTTP/1.1 401 Unauthorized
Unauthorised

See Errors for the full list of status codes.