# Endpoint Tokens

Endpoint tokens are JWT Bearer tokens used to authorize calls to your custom endpoints from data connectors or external applications.

1. Navigate to Manage > Tokens in your Curiosity Workspace.
2. Click the + icon on the top right and select New Endpoint Token.
3. Provide a Purpose for the token to help you identify it later.
4. Specify the Endpoint Path or a partial path that this token is allowed to call.
   • Leave the path blank to allow the token to call all custom endpoints.
   • Use a prefix (e.g., analytics/) to allow the token to call any endpoint starting with that path.
5. Click Create.
6. Important: Copy the generated token value and store it securely. You will not be able to see it again after closing the dialog.

When calling your endpoint via a POST request, include the token in the Authorization header as a Bearer token.

Note that for restricted endpoints, the URL path should use the /api/endpoints/token/run/ prefix:

POST /api/endpoints/token/run/your-custom-path
Authorization: Bearer <YOUR_TOKEN>
Content-Type: application/json

{
    "data": "your-payload"
}

Tokens should follow the principle of least privilege. If a token is only needed for a specific set of analytics endpoints, ensure you set the path restriction to that specific prefix (e.g., analytics/) rather than leaving it blank.