Getting started

Authentication

All Pixwel API requests use HTTP Basic authentication. You authenticate with your email and a long-lived API token — not your password.

Step 1 — Get a token

Exchange your email and password for an API token by calling GET /api/session with Basic auth using your login credentials.

Request
GET /api/session HTTP/1.1
Authorization: Basic <base64(email:password)>
Accept: application/json
Response
{
  "token": "abc123…",
  "email": "you@example.com"
}

Save the returned token — you'll use it for every subsequent request.

Step 2 — Use the token

For all API requests, use Basic auth with your email and the literal string token- followed by your token value. Base64-encode the combined string.

Authenticated request
GET /api/assets HTTP/1.1
Authorization: Basic <base64(email:token-TOKEN)>
Accept: application/json

For example, if your email is you@example.com and your token is abc123, you would Base64-encode you@example.com:token-abc123.

Token lifetime

Tokens do not expire automatically. You can revoke a token by signing out via DELETE /api/session or by regenerating credentials in your account settings. Store tokens securely — treat them like passwords.