API
API authentication
Get an API token, sign requests, rotate credentials, and scope access by role.
- Product
- Easy Hybrid DR
- Version
- v2.3.1
- Release status
- GA
- Documentation status
- Published
- Last updated
- Updated
- Reading time
- 1 min read
The Datamotive API authenticates every request with a workspace-scoped bearer token. Tokens are issued from the console or via the CLI, are tied to a role, and can be rotated without downtime.
Get a token
Create a token
From the console, open Settings, then API tokens, then Create token. Pick a role and an expiry.
Store it
Copy the token value once. The platform never displays it again. Store it in your secrets manager.
Verify access
Call the whoami endpoint to confirm the token works.
bashcurl https://api.datamotive.io/v1/whoami \ -H "Authorization: Bearer $DM_TOKEN"
Make a request
POST/v1/plans
bash
curl -X POST https://api.datamotive.io/v1/plans \
-H "Authorization: Bearer $DM_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "name": "prod-tier1", "rpoSeconds": 300, "retention": "7d" }'Token roles
| Role | Reads | Writes | Mutates state |
|---|---|---|---|
| viewer | All | None | No |
| operator | All | Plans, jobs | Yes (no delete) |
| admin | All | All | Yes |
Rotate a token
bash
dm auth tokens create --role operator --name ci-bot --expires 90d
# Deploy the new token to all callers, then:
dm auth tokens revoke --id <old-token-id>Errors
| HTTP code | Reason | Action |
|---|---|---|
| 401 | Missing or invalid token | Re-issue the token. Confirm the Authorization header is present. |
| 403 | Role does not permit this action | Use a higher-privileged token or change the role. |
| 429 | Rate limit exceeded | Backoff with exponential retry. Limits are per workspace per minute. |
Related docs
Was this page helpful?