umami
FeaturesBlogDocsPricingContact
22.8K
DocumentationAPIReportsGuidesCloud
Getting started
Overview
Authentication
Sending stats
Endpoints
Users
Teams
Events
Sessions
Websites
Website stats
Clients
API client
Node client
Getting started

Authentication

The following authentication method is only for self-hosted Umami. For Umami Cloud, you simply need to generate an API key.

POST /api/auth/login

First you need to get a token in order to make API requests. You need to make a POST request to the /api/auth/login endpoint with the following data:

{
  "username": "your-username",
  "password": "your-password"
}

If successful you should get a response like the following:

{
  "token": "eyTMjU2IiwiY...4Q0JDLUhWxnIjoiUE_A",
  "user": {
    "id": "cd33a605-d785-42a1-9365-d6cad3b7befd",
    "username": "your-username",
    "createdAt": "2020-04-20 01:00:00"
  }
}

Save the token value and send an Authorization header with all your data requests with the value Bearer <token>. Your request header should look something like this:

Authorization: Bearer eyTMjU2IiwiY...4Q0JDLUhWxnIjoiUE_A

For example, with curl it would look like this:

curl https://{yourserver}/api/websites
   -H "Accept: application/json"
   -H "Authorization: Bearer <token>"

The authorization token is expected with every API call that requires permissions.

POST /api/auth/verify

You can verify if the token is still valid.

Sample response

{
  "id": "1a457e1a-121a-11ee-be56-0242ac120002",
  "username": "umami",
  "role": "admin",
  "isAdmin": true
}
On this page
POST /api/auth/login
POST /api/auth/verify