Welcome to the Apono Public API reference! This guide will help you start integrating Apono into your workflows. Using the API, you can easily create Access Flows, add Integrations, create and manage access requests, export activity logs, and more.
All API requests are made over HTTPS and must be authenticated. Responses are returned in JSON format.
Apono’s API uses token-based authentication. To authenticate, include the following header in each request:
If authentication is not provided or fails, a 401 "Unauthorized" response will be returned.
You can create and manage your API tokens on the API Tokens page of your Apono app or user portal. Refer to API Authentication for step-by-step instructions on generating your API tokens.
All requests should be made to the following base URL:
Include the following headers with all API calls:
For teams that want to integrate Apono’s API into internal tools, generate client SDKs, or validate request structures, we provide a full OpenAPI (Swagger) spec.
(You can import this directly into tools like Postman, Insomnia, or Swagger UI.)
Need help? Reach out to us at
Authorization: Bearer <your-api-token>HTTP/1.1 401 Unauthorized
{
"status": "401",
"code": "Unauthorized"
}https://api.apono.io/api/Content-Type: application/json
Authorization: Bearer <your-api-token>