The same list of user accounts that can log in to CData Sync directly is used to manage Sync API access. Each user that is created within the application can be granted an Auth token that is used to authenticate to the Sync API. A list of authorized users and associated Auth tokens are available by selecting Settings > Users in the administration console.

You can use Auth tokens within API requests to perform the following actions:

• Include an x-cdata-authtoken header in the HTTP request with the value set to an appropriate user’s authorization token

• Treat the user and Auth token as a username-password combination for HTTP basic authentication.

• Include the Auth token in the request URL as a query parameter.

To include the authorization token in the request URL, you must enable the Allow Authtoken in URL setting. This setting appears in the Other Settings section at the bottom of the Admin API tab. After you enable this setting, the syntax of the Auth-token query parameter is as follows: @authtoken=MyAuthTokenValue.