User credentials

Authenticate API actions that need to run as a specific user.
View as Markdown

Use user credentials when your integration needs to act on behalf of a user.

For most backend services, scheduled workflows, and account-scoped automation, use account credentials instead.

What you need

You need permission to create user API credentials in the dashboard, or you need credentials issued by a user with the right access.

User credentials consist of a token and secret. Store them securely and do not expose them in client-side code, logs, notebooks, or shared configuration files.

Create user credentials

Create user credentials in the dashboard.

Create user credentials

Copy the generated token and secret. You will exchange these values for an access token.

Exchange credentials for an access token

Send the user credentials to the authentication endpoint with grant_type: "user_token".

$curl --request POST "$UMNAI_API_URL/oauth/token" \
> --header "Content-Type: application/x-www-form-urlencoded" \
> --data-urlencode "grant_type=user_token" \
> --data-urlencode "token=USER_TOKEN" \
> --data-urlencode "secret=USER_TOKEN_SECRET"
Response
1{
2 "access_token": "eyJhbGaiOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCx6Ijg5YzlmMzdhIn0.eyJzdWIiOiI4ZjQxOWE2Zi1lNDUxLTRiYjItYmQ0Ny1kZGIxZjVmYjM1N2MiLCJuYW1lIjoiSm9zZXBoIE1hc2luaSIsImVtYWlsIjoiam9zZXBoLm1hc2luaUB1bW5haS5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwibWV0YWRhdGEiOnsibGFzdFRlcm1zQ2hlY2siOiIyMDI1LTAyLTI4VDE3OjA3OjU2LjU3M1oifSwicm9sZXMiOlsiQWRtaW4iXSwicGVybWlzc2lvbnMiOlsiZmUuYWNjb3VudC1zZXR0aW5ncy5yZWFkLmFwcCIsImZlLmNvbm5lY3Rpdml0eS4qIiwiZmUuc2VjdXJlLioiLCJ1bW5haS5tb2RlbHMuZGVsZXRlLnBlcm1hbnRlbnRseURlbGV0ZSJdLCJ0ZW5hbnRJZCI6ImNmNWIwOTNlLTdmNjUtNDgwZS05ODEwLTdmZWI3ODY0OTIyMiIsInRlbmFudElkcyI6WyJjMDU1MmUzZC00ZWI0LTQyODktOTg2Yi1mMGVkMWU0YWM3OWMiLCJjZjViMDkzZS03ZjY1LTQ4MGUtOTgxMC03ZmViNzg2NDkyMjIiXSwicHJvZmlsZVBpY3R1cmVVcmwiOiJodHRwczovL3d3dy5ncmF2YXRhci5jb20vYXZhdGFyLzA3ZDQ1YmE5Nzk2MDExZGQ5ZmRiZDJiMzkyZmM5NDdkP2Q9aHR0cHM6Ly91aS1hdmF0YXJzLmNvbS9hcGkvSm9zZXBoK01hc2luaS8xMjgvcmFuZG9tIiwiZXh0ZXJuYWxJZCI6bnVsbCwicGhvbmVOdW1iZXIiOm51bGwsInNpZCI6ImJmZmZjZjNmLTE3ODkt4GRhNi1hN2JkLThkZTRkMGUwODYwYiIsInR5cGUiOiJ1c2VyVG9rZW4iLCJhcHBsaWNhdGlvbklkIjoiZmJhMzE3YjQtNmIyMS00NjZhLTlkMjktZDZjZTNlZWEzZWVhIiwiYXVkIjoiODljOWYzN2EtMmQyNC00ZmE2LWJlMTItYjkxOGM4ZmIzZDEzIiwiaXNzIjoiaHR0cHM6Ly9hcHAtaXIwZXhsajh0a3ZnLmZyb250ZWdnLmNvbSIsImlhdCI6MTc3NDU0MDA1MSwiZXhwIjoxNzc3MTMyMDUxfQ.WTbu-NBi9NSxn9y4tusGJIentDWkDWF2uwcGwp3Ms_2e7yxyqJLSjYXgLjj3oZUs-oVbTJaRmFDPK7B5x8eiyUoD7WxhkcOBTwzFMkcQMkVEVCxCO_zeI_xVPz1auxiKmfNEMcToYMpxkiX401b5Oq_59vESpZPvWhsrV-eLxnADsEV8B2hGEmemAcb_64JJIHipyDfpclpznMzirE6KEJ6AEMlE3BedKV2g0Zb_jsBsQNxY-ZH-EgcGYSc8ft8JlhQZCvva32YD8Z2eJV3BIycGsEs9vnMd1RXiEL3ZrJm7T9S_fzKkIQ5d2Qarg9PAdNBOIPYFsb2Y2klkvs-GsQ",
3 "token_type": "Bearer",
4 "expires_in": 2592000
5}

The user_token grant type is a custom grant type. If you use a standard OAuth client library, you may need to configure this flow manually.

Authorise API requests

Use the returned access_token as a bearer token on subsequent API requests.

$Authorization: Bearer ACCESS_TOKEN

The response includes expires_in, which indicates how long the access token remains valid. When the token expires, exchange the user credentials for a new access token.