An OAuth2 token is required to be sent as part of some requests to the HarmonyCMS API, in the form of an access_token in the request URL or header. Requests that require authentication will return 401 Unauthorized.

OAuth2 token (sent in a header)

curl -H "Authorization: token OAUTH-TOKEN"

OAuth2 token (sent as a parameter)


Request access token

curl -X GET \
'' \
-H 'Cache-Control: no-cache'

Required parameters

  • client_id - The resource owner's client id.

  • client_secret - The resource owner's client secret.

  • grant_type - Must be set to the value password.

  • username - The resource owner's user name.

  • password - The resource owner's password.

client_id and client_secret are used to identify the current user (you) to the REST API and deliver an authenticated access_token.


This request will returns by example:

"expires_in": 3600,
"token_type": "bearer",
"scope": null,
"refresh_token": "MWQwZWE1NjY3ODM0ZTE1YTUzOThiMzhlYTY5MjQ3ZTgyZjYyNmMyZTRlZWQ4OTY0NTFjNjg3NzkwYmU5Y2Y4NQ"

You will find a list of all requested access token in the API Access section of your account's settings.

Root endpoint

You can issue a GET request to the root endpoint to get all the endpoint categories that the REST API supports:


API Reference

Full HarmonyCMS REST API documentation car be found in the API section of the developer part of HarmonyCMS website.