Skip to main content

Get a destination token

Before a protected destination can be used a token is needed.


The lifetime of a destination token is 60 minutes. After that a new token needs to be fetched.

Register application

Before a token can be requested an application needs to be configured for the destination. This is done in the Destinations section in Studio under the tab Applications. A display name needs to be provided for the application registration. After creation the secret will be shown. Make sure to copy it as it will not be possible to retrieve later, However, it is possible to reset the secret.

An image from the static


The application tab will only be displayed if the destination is protected.

Generate token

To generate a token the following is needed:

  • Destination id: found under the settings tab in Destination
  • Client id: from application registration
  • Client secret: from application registration

By doing a POST request to the url[@DestinationId]/token and providing a body of the client id and client secret a new token is retrieved.

/*Token request body*/

clientId : "@ClientId",
clientSecret : "@ClientSecret"

Code samples

using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;

var baseAddress = "";
var destinationClientId = "@destination_clientId@";
var destinationSecret = "@destination_secret@";
var destinationId = "@destination_id@";

var httpClient = new HttpClient();
httpClient.BaseAddress = new Uri(baseAddress);

dynamic credentials = new { clientId = destinationClientId, clientSecret = destinationSecret };

var content = new StringContent(JsonConvert.SerializeObject(credentials), Encoding.UTF8, "application/json");

var tokenResponse = await httpClient.PostAsync($"{destinationId}/token", content);
var tokenResponseContent = await tokenResponse.Content.ReadAsStringAsync();
var tokenDocument = System.Text.Json.JsonSerializer.Deserialize<JsonDocument>(tokenResponseContent);
var token = tokenDocument.RootElement.GetProperty("accessToken").GetString();


Do not include secrets in frontend JavaScript code or add to source control. Remove secrets that are no longer needed.