How to manage basic authentication with personal access tokens


The MedStack Control API authenticates and authorizes requests using basic authentication. You can create a set of basic authentication credentials in the User profile section found as an option when you click the user icon on the far right of the top navigation bar.

Personal access tokens

Within the Security section of the User profile, you can Manage tokens to create, view, and delete personal access tokens. You can also quickly access API Tokens from the user dropdown menu on the navigation bar.


When a personal access token is used in an API request, certain requests appear in the Recent activity log where the "Actor" of the activity is the user who created the personal access token.

Personal access tokens are used for basic authentication in API requests where the username is the token, and the password is the token value. These credentials are passed in the header of an API request to the MedStack Control API.

The username and password of the token are randomly generated alpha-numeric strings.


To create a personal access token, click New token above the table of personal access tokens.

  1. Select the company. The company selected when creating the personal access token specifies the scope that the token is authorized to make API requests within.
  2. Optional – Add a note to help remind you of the purpose behind the personal access token.
  3. Click Generate token.


Capture your token value

The token value is the password used in basic authentication and is only visible once immediately after you've created the personal access token. You will not be able to view token values after they've been created.


We recommend deleting tokens as part of the process to roll tokens often. To delete a token, simply identify the token you'd like to permanently delete in the personal access tokens table and click Delete.

What's next

Head over to the API reference to learn how to interact with the MedStack Control API.