Skip to content
Hawzu Docs

Using Access Tokens

1 min read

Use access tokens to authenticate Hawzu API requests from automation, CI/CD jobs, scripts, and external integrations.

Access tokens do not provide Hawzu web access. They are used only for API requests.

Authentication Header

Section titled “Authentication Header”

Send the token in the Authorization header.

Authorization: Bearer <ACCESS_TOKEN>

Use the full token value that was copied from the Access Token Created window.

Example: List Workspaces

Section titled “Example: List Workspaces”

Use this request to verify that the token can authenticate and see its available workspace.

curl -X GET https://app.hawzu.com/api/v1/workspaces \
  -H "Authorization: Bearer $HAWZU_ACCESS_TOKEN"

Learn more: List Workspaces

Example: List Projects

Section titled “Example: List Projects”

Use a workspace token or a project token with access to the relevant workspace and project data.

curl -X GET https://app.hawzu.com/api/v1/workspace/{workspaceId}/projects \
  -H "Authorization: Bearer $HAWZU_ACCESS_TOKEN"

Learn more: List Projects

Example: List Test Cases

Section titled “Example: List Test Cases”

Use a project token assigned to the project, or a workspace token with access to the project.

curl -X GET https://app.hawzu.com/api/v1/workspace/{workspaceId}/project/{projectId}/testcases \
  -H "Authorization: Bearer $HAWZU_ACCESS_TOKEN"

Learn more: List Testcases

Scope And Permissions

Section titled “Scope And Permissions”

The token can only perform actions allowed by its assigned roles.

  • Workspace tokens use the selected workspace role.
  • Project tokens use the selected project role for each assigned project.

If a request fails because of access, check whether the token is assigned to the correct workspace or project and whether the selected role allows the requested action.

When Requests Stop Working

Section titled “When Requests Stop Working”

Requests using a token can stop working when:

  • The token is disabled.
  • The token is revoked.
  • The token has expired.
  • The token does not have access to the requested workspace or project.
  • The assigned role does not allow the requested action.

Disable pauses access temporarily. Revoke removes the token permanently.

Storage Guidance

Section titled “Storage Guidance”

Keep tokens in:

  • CI/CD secret locations.
  • Cloud secret managers.
  • Environment variables managed by your deployment platform.

Do not place tokens in source code, screenshots, shared documents, or logs.

Next Steps

Section titled “Next Steps”