Authentication

All Determ API requests require a Bearer token for authentication. This page explains how to obtain, use, and secure your token.

Overview

The Determ API uses Bearer token authentication. Every request must include an Authorization header with your token:

Authorization: Bearer YOUR_API_TOKEN

There is no OAuth flow, no client ID/secret, and no token refresh mechanism. If your organization is on an API plan, every user in the organization has their own static access token tied to their user account.

Getting Your Token

1. Log in to app.determ.com
2. Open Settings > Account Settings
3. Find the API token field
4. Click to reveal and copy the token

WARNING

The API token field is only visible if your Determ plan includes API access. If you do not see the field, contact your account manager to upgrade.

Using the Token

Include the token in the Authorization header of every request:

GET/v2/me

Example endpoint used to verify your authentication is working.

Headers

Authorizationstringrequiredheader

Bearer token in the format: Bearer YOUR_API_TOKEN

Code Examples

curl

curl -X GET "https://api.mediatoolkit.com/v2/me" \
  -H "Authorization: Bearer YOUR_API_TOKEN"

Python

import os
import requests

API_TOKEN = os.environ["DETERM_API_TOKEN"]

response = requests.get(
    "https://api.mediatoolkit.com/v2/me",
    headers={"Authorization": f"Bearer {API_TOKEN}"}
)

print(response.json())

JavaScript

const API_TOKEN = process.env.DETERM_API_TOKEN;

const response = await fetch("https://api.mediatoolkit.com/v2/me", {
  headers: {
    "Authorization": `Bearer ${API_TOKEN}`,
  },
});

const data = await response.json();
console.log(data);

PHP

<?php

$apiToken = getenv("DETERM_API_TOKEN");

$ch = curl_init("https://api.mediatoolkit.com/v2/me");

curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => [
        "Authorization: Bearer " . $apiToken,
    ],
]);

$response = curl_exec($ch);
curl_close($ch);

$data = json_decode($response, true);
print_r($data);

Authentication Errors

If your token is missing, invalid, or expired, the API returns one of these HTTP status codes:

Status	Meaning	What to Do
401 Unauthorized	Token is missing or invalid	Check that the Authorization header is present and correctly formatted
403 Forbidden	Token is valid but lacks permission for this resource	Verify you have access to the requested organization or resource

Example error response:

{
  "status": 401,
  "message": "Unauthorized",
  "timestamp": 1713200000000
}

Security Best Practices

Do Not Commit Tokens to Version Control

Never hardcode your API token in source files. Use environment variables instead:

# Set the environment variable
export DETERM_API_TOKEN="your-token-here"

Add token files to .gitignore:

.env
.env.local
*.token

Use Environment Variables

Store your token in a .env file for local development and in your CI/CD platform's secrets manager for production:

# .env (local development only — never commit this file)
DETERM_API_TOKEN=your-token-here

Restrict Access

• Share your token only with services and team members that need it
• Use a dedicated service account if multiple systems need API access
• Monitor your API usage for unexpected patterns

Next Steps

• Getting Started — Make your first API call
• Errors & Rate Limits — Handle error responses and rate limits
• API Reference — Explore all available endpoints