
Authentication

How to authenticate with the Installer.com API using bearer tokens

Overview

The Installer.com API uses bearer token authentication.

| Method | Use Case | Header |
| --- | --- | --- |
| Bearer Token | Server-to-server integrations, API clients | `Authorization: Bearer <token>` |

Getting an API Token

Log in to localhost:4300 and go to Settings in the sidebar.

Create an API Token

Go to the API Tokens section and click Create Token. Give it a descriptive name (e.g., "ERP Integration" or "Webhook Server").

Copy the Token

Copy the generated token immediately — it will not be shown again. Store it securely in your application's environment variables.

API tokens inherit the permissions of the user who created them. Use a dedicated service account with minimum required permissions for production integrations.

Using the Token

Include your token in the Authorization header of every request:

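cURL:

```bash
curl -X GET "http://localhost:8000/api/v1/partners/installers" \
  -H "Authorization: Bearer YOUR_API_TOKEN"
```

JavaScript:

```javascript
// Read the token from the environment (the variable name is an example).
const apiToken = process.env.INSTALLER_API_TOKEN;

const response = await fetch(
  'http://localhost:8000/api/v1/partners/installers',
  {
    headers: {
      Authorization: `Bearer ${apiToken}`,
    },
  }
);

const installers = await response.json();
```

Python:

```python
import os

import requests

# Read the token from the environment (the variable name is an example).
api_token = os.environ["INSTALLER_API_TOKEN"]

response = requests.get(
    "http://localhost:8000/api/v1/partners/installers",
    headers={
        "Authorization": f"Bearer {api_token}",
    },
)

installers = response.json()
```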

Try it out directly from the List Installers API reference page.

Error Responses

Authentication failures return standard HTTP error codes:

| Status | Description | Common Cause |
| --- | --- | --- |
| 401 Unauthorized | Missing or invalid token | Token not included, expired, or revoked |
| 403 Forbidden | Insufficient permissions | Token user lacks required role |

```json
{
  "error": "Unauthorized",
  "message": "Invalid or expired token",
  "statusCode": 401
}
```

Security Best Practices

  • Never commit tokens to source control — use environment variables
  • Rotate tokens periodically and after personnel changes
  • Use minimum permissions — create tokens from accounts with only the roles needed
  • Revoke immediately if a token is compromised
  • Use HTTPS — all API traffic must be over HTTPS in production
  • Set token expiry — consider creating short-lived tokens for automated processes
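
The practices above, combined with the 401/403 table under Error Responses, can be enforced in the client itself. The following is an added example, not Installer.com's own code: the environment variable name `INSTALLER_API_TOKEN`, the function and class names, and the choice to allow plaintext HTTP only to local hosts are assumptions.

```python
import json
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}  # plaintext HTTP allowed only here


class AuthError(Exception):
    """401/403 from the API; built from the status and server message only."""
    def __init__(self, status, message, needs_new_token):
        super().__init__(f"{status}: {message}")
        self.status = status
        self.needs_new_token = needs_new_token


def build_request(url, env=os.environ):
    """Build an authenticated GET, refusing plaintext HTTP to remote hosts."""
    parts = urlsplit(url)
    local_http = parts.scheme == "http" and parts.hostname in LOCAL_HOSTS
    if parts.scheme != "https" and not local_http:
        raise ValueError("refusing to send a bearer token without HTTPS")
    token = env.get("INSTALLER_API_TOKEN", "").strip()  # assumed variable name
    if not token:
        raise RuntimeError("INSTALLER_API_TOKEN is not set")
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})


def classify_auth_failure(status, body):
    """Map the documented 401/403 responses to AuthError; None otherwise."""
    try:
        message = json.loads(body).get("message", "")
    except (ValueError, AttributeError, TypeError):
        message = ""
    if status == 401:  # token missing, expired or revoked: issue a new one
        return AuthError(401, message or "Unauthorized", True)
    if status == 403:  # token is valid but its user lacks the required role
        return AuthError(403, message or "Forbidden", False)
    return None


def get_json(url, env=os.environ):
    """GET a JSON resource, raising AuthError on 401/403."""
    try:
        with urllib.request.urlopen(build_request(url, env), timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        raise (classify_auth_failure(exc.code, exc.read()) or exc) from None
```

Callers can branch on `needs_new_token`: a 401 calls for a replacement token, while a 403 calls for a role change on the service account and rotating the token will not help.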
