CleverTap uses a header based authentication model to authenticate requests to the API.


Every CleverTap API call should include both your Account ID and Account Passcode as the request headers. If your CleverTap admin has opted for User-Passcode instead of Account Passcode, you have to use your User-Passcode instead in the passcode header. The CleverTap API expects these values to be keyed as X-CleverTap-Account-Id and X-CleverTap-Passcode.

Getting Your Account Credentials

Your CleverTap Account ID and Account/User Passcode are available on the Settings page. To navigate to the Settings page, log in to your CleverTap account, click on the gear icon on the bottom left navigation, and select Settings dashboard.


Here is an example cURL request to the Events API showing the headers needed to authenticate the request.

curl "" \
-H "X-CleverTap-Account-Id: YOUR_ACCOUNT_ID" \
-H "Content-Type: application/json"
require 'net/http'
require 'uri'
uri = URI.parse("")
request =
request.content_type = "application/json"
request["X-Clevertap-Account-Id"] = "YOUR_ACCOUNT_ID"
request["X-Clevertap-Passcode"] = "YOUR_ACCOUNT_PASSCODE"
req_options = {
  use_ssl: uri.scheme == "https",
response = Net::HTTP.start(uri.hostname, uri.port, req_options) do |http|
puts response.body



Use the URL based on your location:

  • India -
  • Singapore -
  • U.S. -

Next Steps

Now that you understand how to authenticate with the CleverTap API, you are ready to make your first API call.

Start with Get Events API which shows you how to request App Launch events from CleverTap.

User Passcode for APIs

You can enforce dashboard users to use user passcode rather than account passcode for API authentication. User passcode offers a better security standard while using CleverTap APIs.

User passcodes are unique to each user and granted by admin to users.

How To Enable User Passcode For a User

If you are an admin user, to enable using user passcode, go to Settings > Users. Pick a user from the list and click on Grant as shown below:

User Passcode TTL (Time To Live)

When you grant the passcode to a user, you need to specify the time period until which the passcode remains valid. You can choose between Finite (1-365 days) and Infinite (never expire passcode).

Once you grant the user a user passcode, the user can see their user passcode on the Settings page as shown below:

Resetting and Revoking User Passcode

An admin can reset or revoke an existing user passcode by going to the user's page and clicking on one of the following options:

Reset passcode will generate a fresh new passcode for the user. Post resetting the user will have to incorporate the new passcode to APIs.
Revoke passcode will invalidate the existing passcode for the user and the user can no longer fire API calls using their passcode.


When to use user passcodes instead of account passcodes?

There can be situations where it becomes risky to give away account passcode of your CleverTap account to people inside and outside of your organization. It exposes your account to security risks. Therefore, it is best to grant user passcodes to specific users who would use CleverTap APIs instead of account passcode.

Did this page help you?