Authentication

Every Temporis API request authenticates with a bearer token. Here's how to create one, send it, and keep it safe.

Access tokens

You create access tokens in the dashboard, under Access Tokens. A token is a long random string prefixed with ts_.

The full token is shown once, at the moment you create it. Temporis stores only a hash of it server-side, never the token itself. That means a lost token cannot be recovered — if you lose it, delete it and create a new one.

Treat tokens like passwords

Anyone holding one of your tokens can ingest data and run predictions — and predictions are billed to your account. Guard them accordingly.

Authenticating a request

Send the token in the Authorization header on every request, using the Bearer scheme:

Authorization: Bearer ts_your_token_here

The examples throughout these docs read the token from a TEMPORIS_TOKEN environment variable, so the secret never appears in source. Export it once in your shell:

export TEMPORIS_TOKEN="ts_your_token_here"

Then attach it as a header:

curl:

curl https://api.temporis.co/v1/predict \
  -H "Authorization: Bearer $TEMPORIS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ "data_profile": "hourly_orders", "count": 5, "temperature": 1.0, "top_p": 0.9 }'

Python:

import os
import requests

# Read the token from the environment; a KeyError here means it was never exported.
token = os.environ["TEMPORIS_TOKEN"]

resp = requests.post(
    "https://api.temporis.co/v1/predict",
    headers={"Authorization": f"Bearer {token}"},
    json={"data_profile": "hourly_orders", "count": 5, "temperature": 1.0, "top_p": 0.9},
)
# Raise on any 4xx/5xx response, including the 401 returned for a bad token.
resp.raise_for_status()

JavaScript:

// Read the token from the environment so it never appears in source.
const token = process.env.TEMPORIS_TOKEN;

const resp = await fetch("https://api.temporis.co/v1/predict", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${token}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({ data_profile: "hourly_orders", count: 5, temperature: 1.0, top_p: 0.9 }),
});

When authentication fails

If the Authorization header is missing or malformed, or the token is unknown, the API responds with HTTP 401 and a JSON body describing what went wrong. An unknown token returns:

{ "detail": "Invalid access token." }

A missing or malformed header returns { "detail": "Missing access token." } instead. Both are 401s. See Errors & status codes for the full list of responses.

Keeping tokens safe

A few habits keep your tokens out of the wrong hands:

  • Never commit tokens to source control, and never put them in client-side code. Browsers and mobile apps ship their source to users.
  • Read tokens from environment variables or a secrets manager. Keep them out of logs, screenshots, and tickets.
  • Create a separate token per service so you can revoke one without disrupting the others.
  • Delete a token in the dashboard to revoke it instantly. Deletion takes effect immediately — the next request using that token gets a 401.
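
One way to apply the "keep them out of logs" habit in a Python service, as an added example that is not Temporis code: a logging formatter that masks anything shaped like a ts_ token, including inside tracebacks. The token character set and the 16-character minimum are assumptions, since this page only specifies the ts_ prefix, and the sample token is constructed.

```python
import io
import logging
import re

# Assumption: the docs only say tokens are long random strings prefixed with
# "ts_". The character class and minimum length here are guesses; tune them.
TOKEN_RE = re.compile(r"\bts_[A-Za-z0-9_-]{16,}")
MARKER = "ts_[REDACTED]"


def redact(text: str) -> str:
    """Replace every token-shaped substring with a fixed marker."""
    return TOKEN_RE.sub(MARKER, text)


class RedactingFormatter(logging.Formatter):
    """Redact the fully rendered record, so message arguments and exception
    tracebacks are covered as well as the message template."""

    def format(self, record: logging.LogRecord) -> str:
        return redact(super().format(record))


def demo() -> str:
    """Log constructed lines through the formatter and return what was written."""
    fake = "ts_" + "A1b2C3d4" * 4  # constructed sample, not a real token
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(RedactingFormatter("%(levelname)s %(message)s"))
    log = logging.getLogger("temporis_redaction_demo")  # hypothetical logger name
    log.handlers[:] = [handler]
    log.propagate = False
    log.setLevel(logging.INFO)

    # Token passed as a log argument (for example, dumped request headers).
    log.info("sending headers %s", {"Authorization": f"Bearer {fake}"})
    # Token embedded in an exception message that ends up in a traceback.
    try:
        raise RuntimeError(f"request failed, token={fake}")
    except RuntimeError:
        log.exception("predict call failed")
    # Short ts_-prefixed identifier that is not a token; it must stay readable.
    log.info("profile ts_hourly is not a token")
    return buf.getvalue()


if __name__ == "__main__":
    print(demo())
```

Attach the formatter to every handler that writes to disk or ships logs off the host; a handler left on the default formatter still emits the raw token.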
