When making any API requests, you have to authenticate in one of the following ways:
- By generating a personal API token
- By requesting an OAuth 2 access token
Please use HTTPS to send API requests.
Calls made over plain HTTP will fail.
- Please note that you must have an admin role in a project in order to access that project with the supplied API token.
- To generate a new API token, open Lokalise and click on your team avatar in the bottom left corner.
- Proceed to Profile settings > API tokens.
- Click Generate new token and choose the token type to create (read-only or read/write).
- Copy the newly created token and store it safely in your app (specifically, it should not be added to Git version control).
- Your token should be sent with every API request inside the
- You can find more info on API tokens in the official docs.
- You can also find API token usage examples in the Lokalise API: Sample apps section.
If your app needs to act on behalf of another user, you can implement an OAuth 2 flow:
- Contact our support team via the chat widget on lokalise.com and ask to register a new OAuth 2 app. Please provide the following info:
  - Title of your application
  - Logo of your application (150x150px, PNG or JPG)
  - Description of your application (optional).
  - Link to app website/documentation (optional).
  - Required scopes. Find the list of required scopes for the corresponding API endpoints
- You'll be provided with a client ID and client secret. Please bear in mind that the client secret must never be publicly exposed.
- Your app should redirect the user to the authentication URL <https://app.lokalise.com/oauth2/auth>. The following GET params must be added to this URL:
  - redirect_uri — a URL in your application where users will be sent after authorization.
  - scope — should contain a list of space-separated scopes that your app needs access to. For example, you'll need a write_projects scope to create new projects. You can find the required scopes under each API endpoint.
  - state (optional if you are not using redirect_uri) — a random string used to protect against CSRF attacks.
- Once the user grants access to their account, they will be redirected back to your app along with an oauth_code. Your app should make a POST request to <https://app.lokalise.com/oauth2/token> along with the following body params:
  - grant_type — should be
  - code — the code sent to your app
- After sending the POST request, you'll receive a response with refresh_token. You can now make requests to the API by providing the Authorization header in the following way:
curl -H "Authorization: Bearer someAccessToken" https://api.lokalise.com/api2/projects
- Access tokens usually expire in 60 minutes, so in order to request a new token, your app should send another POST request to <https://app.lokalise.com/oauth2/token> with the following data:
  - grant_type — should be
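
The state parameter from the authorization step only protects against CSRF if your app generates it randomly per session and checks it when the user is redirected back. The sketch below is an added example, not code from the Lokalise docs: it builds the authentication URL and validates the callback. Assumptions: a dict stands in for server-side session storage, the `client_id` parameter name follows standard OAuth 2, the callback's code parameter name is configurable, and all sample values are constructed.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_URL = "https://app.lokalise.com/oauth2/auth"  # authentication URL from the page


def build_auth_url(session, client_id, redirect_uri, scopes):
    """Bind a fresh random state to the user's session and return the auth URL."""
    state = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG
    session["oauth_state"] = state
    params = {
        "client_id": client_id,  # assumed name (standard OAuth 2 parameter)
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),  # space-separated list of scopes
        "state": state,
    }
    return AUTH_URL + "?" + urlencode(params)


def handle_callback(session, callback_url, code_param="code"):
    """Return the authorization code only when state matches this session.

    code_param is an assumption: adjust it to the query parameter your
    redirect actually carries.
    """
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use, so replays fail
    received = query.get("state", [""])[0]
    # Compare as bytes in constant time; also rejects a missing stored state.
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise PermissionError("state mismatch: rejecting callback")
    codes = query.get(code_param, [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]


if __name__ == "__main__":
    # Constructed sample values; a dict stands in for server-side session storage.
    sess = {}
    print(build_auth_url(sess, "constructed-client-id",
                         "https://example.test/callback", ["write_projects"]))
```

Only pass the returned code on to the token request after `handle_callback` succeeds; a callback that raises should be dropped without contacting the token endpoint.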