Tags: Flow

Flow does not provide a public API for unauthenticated access. All API calls must be authenticated either by an in-browser logged in session or API key.

Who can use this?



The Flow API uses OAuth authentication. This means that instead of supplying your Pluralsight credentials to a third-party tool to authenticate your identity, which is a serious security concern, you provide an encrypted string called an API key. The API key is a unique encrypted string that Flow uses to identify and authenticates users

Tip: Instead of assigning an API key to individual users, Flow recommends that you create an API service account and assign an API key to that account. You would then supply that key when interacting with a REST client or application. See Service accounts in Flow for a step-by-step guide for creating a service account.


You need the Manage API Keys permissions to create or delete API keys.

back to top

Create an API key

To create an API key:

  1. Select Settings then click API keys from the menu.
  2. Click the Create API key button on the User API Keys panel. You can only create an API key for yourself.
  3. A modal will pop up displaying your API key. Copy the API key from the modal. Once you close the modal, you will be unable to view the key again. Only one active API key can exist for each user.
  4. Click Save and close. You’ll see the below banner stating your API key was created.

Note: If you see a message stating that an API key already exists for you, you’ll be prompted to delete your current API key before you can create a new one.

back to top

Delete an API key

To delete an API key:

  1. Select Settings then click API Keys from the menu.
  2. If you have an existing API key, you’ll see a row with your information on it. The right column displays the option for you to delete your API key.
  3. Click Delete.
  4. A modal will pop up prompting you to confirm your deletion. Click Delete API.

Note: Deleting your API key is a permanent action and cannot be reversed.

back to top

Authenticate in a client

Before calling the API from your client, you must authenticate the call by passing in the API key using the header, as shown in the below image of the Postman client:

  1. Click the Authorization tab.
  2. Select Bearer Token from the type drop-down list.
  3. Paste your Flow API key in the Token field.
  4. Enter your request URL

Here is an example cURL request. You can see the proper header structure (‘Authorization: Bearer token’).

back to top

Authenticating in cURL

curl -X GET --header 'Accept: application/json' \ --header 'Authorization: Bearer your_token_goes_here' \ ''

back to top

If you need help, please contact Pluralsight Support.