The API's support a few different methods of authentication in addition to the normal session-based authentication used on the rest of CommCare HQ. This makes it easy to access these URLs programmatically.

The examples below use cURL

Basic authentication

See Wikipedia for details of basic authentication.

Example (will prompt for the password):

curl -v -u [USERNAME] '[URL]'

You can also include the password in the command as follows:

curl -v -u [USERNAME]:[PASSWORD] '[URL]'

Digest authentication

See Wikipedia for details of digest authentication.

Similar to Basic auth but add the --digest parameter:

curl -v --digest -u [USERNAME] '[URL]'

Api Key authentication

Your API Key can be found at

If you use this method of authentication, you do not need to provide a 2 factor OTP header (this is only relevant for API calls with 2 factor auth required.)

curl -H "Authorization: ApiKey [USERNAME]:[API_KEY]" '[URL]'
  • No labels

1 Comment

  1. Anonymous

    POST requests seem to still use Basic Authentication:

    curl -v --user [USERNAME]:[PASSWORD] '[URL]'