Authentication requirements and API tokens

Authentication requirements for Skedulo API users

Skedulo or Skedulo for Salesforce users require an API key to access the Skedulo Lens API and follow the majority of the procedures included in this developer documentation.

The API key can be either long-lived or time-limited, and is used to authenticate users to the API.

Skedulo API token users

Skedulo users with administrator permissions can create and manage API tokens through the Developer Tools > API tokens section of the Skedulo web application.

See Authentication for Skedulo for Salesforce for information about using API tokens to access the Skedulo API from your Skedulo for Salesforce managed package.

Skedulo Lens API requests

Requests to the Skedulo Lens API REST and GraphQL endpoints must be made using HTTPS protocol for additional security and encryption.

You can use any HTTP-enabled API client to call the Skedulo API using a standard HTTP method (GET, POST, PUT, DELETE) to call a valid Skedulo REST endpoint.

REST API endpoints expect requests to be made in JSON format. See the Skedulo API Reference Documentation for a full list of supported Skedulo REST API endpoints.

The Skedulo GraphQL API endpoints only support POST requests and expect requests in GraphQL format. GraphQL queries allow you to request specific information from the API using a single request.

The Skedulo web application includes the GraphiQL web extension for creating and testing GraphQL queries and exploring the schema. You can enable this web extension using Developer Tools > Web extensions in the web app settings. To explore the standard Skedulo GraphQL Schema, see the GraphQL Schema Documentation.

Create a token using the API

You can also create an API token by making a POST request to the /auth/token endpoint.

  1. Obtain a jwt_token from your Skedulo account to use as a bearer token. You can do this by running the following JavaScript in the web application browser console:

  2. Use cURL or your preferred REST client to send a POST request to with the JWT token returned in the first step as a bearer token. For example:

curl -X POST -H "Authorization: Bearer $ACCESS_TOKEN" -d '{}'
You must include the brackets (`{}`) in the request body, which can be empty for a long lived token, or include a time you want the token to expire.  

See the Skedulo API Reference Guide for more information about the /auth endpoint.

Use the access token

The access token obtained above is a Base64 encoded JavaScript Web Token (JWT). Place it into the Authorization header using the Bearer method when making REST API requests.

For example:

curl -X GET -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik9ESkNORFE0TkRJMVJUTkJNekE1TlRFNVJqVTFORGxDUXpjME9EZEJOVEF3T1RjNE1rVkZSUSJ9.eyJodHRwczovL2FwaS5za2VkdWxvLmNvbS92ZW5kb...-dpYZm_8YuaUYTnMrS4Fs3fQTDxM0oEkt9CWWJxPQTOv3l3pjp3sgDeuRvzYcaFZuoVTVLPYNidL9Pc5gPMrsXpTxOJL3nMF-2GmJJ5YHAXgG2cQc9MmL74u7IsGbQ-qg"

This will return a result like the following:


Example using Postman

Auth settings using Postman

Example using Paw

Auth settings using Paw

Example using Insomnia

Auth settings using Insomnia

Setting the API key as an environment variable

This documentation uses $AUTH_TOKEN to represent a long-lived API token as an environment variable. You can create an environment variable for your own environment to avoid having to look up your key for every request.

Set your API key as the AUTH_TOKEN variable by adding the following to your local configuration file: