Tags: Flow


Flow does not provide a public API for unauthenticated access. All API calls must be authenticated either by an in-browser logged in session or API key.  

The Flow API uses OAuth authentication. This means that instead of supplying your Pluralsight credentials to a third-party tool to authenticate your identity, which is a serious security concern, you provide an encrypted string called an API key. The API key is a unique encrypted string that Flow uses to identify and authenticates users.  

Tip: Instead of assigning an API key to individual users, Flow recommends that you create an API service account and assign an API key to that account. You would then supply that key when interacting with a REST client or application. A step-by-step guide for creating a service account is available here.

Create an API key

  1. Select Settings then click API keys from the menu.
  2. Click the Create button on the User API Keys panel.  
  3. Select the down arrow to display a list of current users, and enter the name of the user to whom you want to assign the API key.  
  4. Click the Submit button. The API key is displayed in the Key column for the user. For security, Flow shows only the last few characters of the key.
  5. Click the API key to copy it to the system’s clipboard.  

Deactivate an API key

If you want to revoke a user’s access the Flow API, you must deactivate their API key.

  1. Select Settings then click API Keys from the menu.
  2. Select the checkbox of the user whose API key you want to deactivate.
  3. Click the Deactivate button.

Authenticate in a client  

Before calling the API from your client, you must authenticate the call by passing in the API key using the header, as shown in the below image of the Postman client:

  1. Click the Authorization tab.
  2. Select Bearer Token from the type drop-down list.
  3. Paste your Flow API key in the Token field.
  4. Enter your request URL

Authenticating in cURL

Here is an example cURL request.  You can see the proper header structure(‘Authorization: Bearer token’)

curl -X GET --header 'Accept: application/json' \
--header 'Authorization: Bearer your_token_goes_here' \

back to top

If you need help, please email for 24/7 assistance.