API access to data is controlled at several levels. First, a token must be obtained. Tokens are issued at the user/account level. User-generated tokens are created with a specific role or set of capabilities. The actual capabilities depend on the token owner’s role relative to the vault(s) being accessed.
Tokens should be safeguarded at the same level as other authentication information such as passwords. Like passwords, tokens cannot be retrieved from the web application. If you lose your token, you must delete the old one and create a new one.
Every API request must include the "X-CDD-Token" HTTP header. Its value is an API token, which you can obtain from the API Key management page under Settings -> User -> API Keys.
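One way to send the header while treating the token like a password, as an added example that is not code from the API's own documentation. The environment variable name `CDD_API_TOKEN`, the host `vault.example.invalid` and the helper names are assumptions; substitute your own API host.

```python
import os
import urllib.request
from urllib.parse import urlsplit

TOKEN_ENV = "CDD_API_TOKEN"             # assumed variable name, not from the page
ALLOWED_HOST = "vault.example.invalid"  # placeholder; use your vault's API host


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """urllib copies custom headers onto redirected requests; refusing
    redirects keeps X-CDD-Token from being replayed to another location."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError for the 3xx response


def load_token(env=os.environ):
    """Read the token from the environment instead of hard-coding it."""
    token = env.get(TOKEN_ENV, "").strip()
    if not token:
        raise RuntimeError(f"{TOKEN_ENV} is not set")
    return token


def redact(token):
    """Return a form of the token that is safe to write to logs."""
    return token[:4] + "..." if len(token) > 8 else "****"


def build_request(url, token):
    """Attach X-CDD-Token only for HTTPS requests to the expected host."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != ALLOWED_HOST:
        raise ValueError(f"refusing to send token to {parts.scheme}://{parts.hostname}")
    return urllib.request.Request(url, headers={"X-CDD-Token": token})


def call_api(url, token, timeout=10):
    """Send the request; any redirect surfaces as HTTPError instead of being followed."""
    opener = urllib.request.build_opener(NoRedirect)
    with opener.open(build_request(url, token), timeout=timeout) as resp:
        return resp.status, resp.read()
```

Log `redact(token)` rather than the token itself, and rotate the token (delete and recreate) if it ever appears in logs or version control.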