Generate an API Access Token
We recommend using an API access token to authenticate to Vault API. Instead of initiating a session with a user name and password, users can provide the value of their access token in place of the session ID when sending further requests to Vault API.
If you do not have any existing access tokens, you must first send an authentication request to obtain a session ID, then send a second request to generate an access token. To do this, call the auth endpoint.
Send an Authentication Request
Section link for Send an Authentication RequestThe auth endpoint (/api/{version}/auth) expects two URL-encoded form parameters (x-www-form-urlencoded): username and password.
Request
Section link for Requestcurl -X POST -H "Content-Type: application/x-www-form-urlencoded" \
-d 'username={username}&password={password}' \
"https://{server}/api/{version}/auth"This call returns a JSON response that contains the session ID.
Response
Section link for Response{
"responseStatus": "SUCCESS",
"sessionId": "3B3C45FD240E26F0C3DB4F82BBB0C15C7EFE4B29EF9916AF41AF7E44B170BAA01F232B462BE5C2BE2ACB82F6704FDA216EBDD69996EB23A6050723D1EFE6FA2B",
"userId": 12021,
"vaultIds": [
{
"id": 1776,
"name": "PromoMats",
"url": "https://promo-vee.veevavault.com/api"
},
{
"id": 1782,
"name": "Platform",
"url": "https://platform-vee.veevavault.com/api"
}
],
"vaultId": 1776
}You've now authenticated to Vault API and obtained a valid session ID. While session IDs expire after a period of inactivity, an access token may be valid for up to 90 days. Now, you can send a request to generate an access token.
Generate an Access Token
Section link for Generate an Access TokenThe Generate My API Access Token endpoint (/api/{version}/objects/users/me/api_access_token__sys) expects two URL-encoded form parameters (x-www-form-urlencoded): name__v and expiry_date__v.
Request
Section link for Requestcurl -X POST -H "Authorization: {SESSION_ID}" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H 'Accept: application/json' \
-d "name__v=IntegrationKey" \
-d "expiry_date__v=2026-12-31T12:00:00:00.000Z" \
https://myvault.veevavault.com/api/v26.2/objects/users/me/api_access_token__sysThis API call returns the id of the access token as well as its value (token__sys).
Response
Section link for Response{
"responseStatus": "SUCCESS",
"data": {
"id": "V8T000000002001",
"token__sys": "veeva-vault-019e9338..."
}
}In the response above, the generated access token value begins with veeva-vault- followed by a randomized string. To make subsequent API calls, the Authorization HTTP header accepts the access token value preceded by the Bearer keyword.
Continued Learning
Section link for Continued Learning- To understand the purpose of API access tokens, learn more about generating access tokens.
- To keep your session active without compromising performance, learn more about best practices for session management.
- To understand what happens if you try to authenticate to an inactive Vault, learn more about authentication defaulting.
- If you're a Vault Admin, learn how to configure Session Duration in Vault Help
.