Generate API Access Token

Generate an API access token for a specified Vault user. Each user can be granted up to 25 active access tokens. You cannot generate access tokens for VeevaID users. Learn more about generating access tokens.

POSThttps://{vaultDNS}/api/{version}/objects/users/{user_id}/api_access_token__sys

Headers

Name	Description
`Authorization`	The Vault `sessionId` or `Bearer {access_token}`. If you do not have any existing access tokens, you must use another method to authenticate to Vault API and obtain a valid session ID.
`Content-Type`	`application/x-www-form-urlencoded` or `application/json`
`Accept`	`application/json`

URI Path Parameters

Name	Description
`vaultDNS`	The DNS of the Vault for which you want to generate a session. If the requesting user cannot successfully authenticate to this `vaultDNS`, this request generates a session for the user’s most relevant available Vault.
`version`	The Vault API version. Your authentication version does not need to match the version in subsequent calls. For example, you can authenticate with v17.3 and run your integrations with v20.1.
`user_id`	The ID of the Vault user for which to generate an access token.

Body Parameters

Name Description

Name	Description
`name__v` required	The name or description of the access token.
`expiry_date__v` optional	The expiration date of the access token, in `YYYY-MM-DDTHH:MM:SSZ` format. Dates and times are in UTC. If the time is not specified, it will default to before midnight (`23:59:59`) in the user's timezone on the specified date. The maximum expiration period may vary based on the user's security profile. If allowed by the user's security profile, this parameter can be omitted to indicate the access token never expires.

name__v

required

The name or description of the access token.

expiry_date__v

optional

The expiration date of the access token, in YYYY-MM-DDTHH:MM:SSZ format. Dates and times are in UTC. If the time is not specified, it will default to before midnight (23:59:59) in the user's timezone on the specified date. The maximum expiration period may vary based on the user's security profile. If allowed by the user's security profile, this parameter can be omitted to indicate the access token never expires.

Request

curl -X POST -H "Authorization: {AUTH_VALUE}" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H 'Accept: application/json' \
-d "name__v=IntegrationKey" \
-d "expiry_date__sys=2025-12-31T12:00:00:00.000Z" \
https://myvault.veevavault.com/api/v26.2/objects/users/12345/api_access_token__sys

Response

{
    "responseStatus": "SUCCESS",
    "data": {
        "id": "0PI00000000C002",
        "token__sys": "veeva-vault-B5A79AAD..."
    }
}

Response Details

On SUCCESS, this request returns the id for the access token as well as its value (token__sys). The access token's value is only visible upon creation and should be stored safely. If lost, you cannot recover this value and must generate a new access token for the specified user.