Get a JWT for API Authentication Using an HTTP POST Request
Connecting to the Dataloop Platform API
Once you have your API Credentials set, you may use it to obtain a JWT for the Dataloop platform.
The Dataloop API uses Auth authentication scheme, where each HTTP request has JWT attached to it via the Authorization header.
Basic Flow
- Initiate an HTTP request using API Credentials and get your JWT.
- As long as the JWT is not expired, you can add it as a Bearer authorization header.
Generating a JWT
The request schema is as follows:
POST https://gate.dataloop.ai/token?default
Content-Type: application/json
Body
{ "username": "<user name>", "password": "<user password>", "type": "user_credentials"}
For example using Postman:
Click Send and you'll get a response in the following format:
{ "access_token": "...", "id_token": "...", "refresh_token": "...",}
Use the id_token (JWT) from the response as your authorization JWT for future requests.
JWT Expiration
Once the JWT expires, user should issue a request for a new JWT. Expiration period is 24 hours (but may be updated in the future).
There are many tools and libraries to decode JWTs, for example, https://jwt.io/ allows interactive decoding.
A decoded JWT will look as follows:
{ "name": "Name", "nickname": "Name", "picture": "https://example.com", "locale": "he", "updated_at": "2025-09-23T06:06:17.641Z", "email": "zaphod@dataloop.ai", "email_verified": true, "iss": "https://dataloop-development.auth0.com/", "sub": "google-oauth2|101916523885779176498", "aud": "I44w8", "iat": 1569218779, "exp": 1569283579,}
Note:
- In order to obtain the expiration date, you will need to decode the JWT. You will also need to extract the exp field to get your JWT lifetime.
- You will need to refresh your JWT before its expiration date.