The ClearPolicy API uses bearer tokens for authentication. Every request must include a valid API token in the Authorization header. Tokens are tied to the organization where they were created, so the token you use determines which organization’s data is returned.

Create an API token

Organization owners and administrators can create API tokens in ClearPolicy.
1. Open API settings. In the ClearPolicy dashboard, go to Settings -> API.

2. Create a token. Click Create API Token. Give the token a clear name, such as Reporting automation, so your team knows where it is used.

3. Copy the bearer token. Copy the token when ClearPolicy shows it. You will not be able to view the full token again after you close the dialog.

4. Store it securely. Save the token in your password manager, secrets manager, or integration settings. Do not share it in email, chat, or public code.

Pass the token in requests

Include the token in the Authorization header of every API request:
Authorization: Bearer YOUR_ACCESS_TOKEN
Example request using the token:
curl https://api.clearpolicy.app/api/v1/me \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Error responses

| Status | Meaning |
| --- | --- |
| 401 Unauthorized | The token is missing, expired, or invalid. |
| 403 Forbidden | The token is valid but lacks permission for the requested resource. |

Tokens are organization-scoped. All API responses reflect the organization where the token was created.
API access also follows the team member’s ClearPolicy role. Owners and administrators can create and manage API tokens. A token tied to a Group Manager can be confirmed with GET /me, but the people, documents, and attestation request endpoints return 403 Forbidden.
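
An added example, not ClearPolicy's own code: a small Python client that reads the token from an environment variable instead of hard-coding it, sends it in the Authorization header, and turns 401 and 403 into distinct errors. The variable name CLEARPOLICY_API_TOKEN and all function and class names are assumptions; the base URL and the /me path come from the curl example above.

```python
import os
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "https://api.clearpolicy.app/api/v1"  # from the page's curl example
TOKEN_ENV_VAR = "CLEARPOLICY_API_TOKEN"  # assumed name, not defined by ClearPolicy

class TokenRejected(Exception):
    """401 Unauthorized: the token is missing, expired, or invalid."""

class TokenNotPermitted(Exception):
    """403 Forbidden: the token is valid but lacks permission for the resource."""

class NoRedirect(urllib.request.HTTPRedirectHandler):
    """urllib copies Authorization onto redirected requests; refuse redirects instead."""
    def redirect_request(self, *args, **kwargs):
        return None  # a 3xx response then surfaces as HTTPError

def load_token(env=os.environ):
    """Read the token from the environment so it never lives in source control."""
    token = env.get(TOKEN_ENV_VAR, "").strip()
    if not token:
        raise RuntimeError(f"{TOKEN_ENV_VAR} is not set")
    return token

def build_request(path, token, base_url=BASE_URL):
    """Attach 'Authorization: Bearer <token>'; HTTPS only, loopback excepted for tests."""
    host = urllib.parse.urlsplit(base_url)
    if host.scheme != "https" and host.hostname not in ("127.0.0.1", "localhost"):
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    return urllib.request.Request(base_url + path, headers={"Authorization": f"Bearer {token}"})

def api_get(path, token, base_url=BASE_URL, timeout=10):
    """GET a path and return (status, body bytes); map 401/403 to the page's meanings."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(build_request(path, token, base_url), timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        if err.code == 401:  # messages name the path only, never the token
            raise TokenRejected(f"{path}: create a new token or check the header") from None
        if err.code == 403:
            raise TokenNotPermitted(f"{path}: token role cannot access this resource") from None
        raise

if __name__ == "__main__":
    status, _ = api_get("/me", load_token())  # /me confirms the token, as on the page
    print("token accepted, HTTP", status)
```

Treating 401 and 403 as separate errors lets an integration tell a token that needs replacing from one whose role simply cannot reach the endpoint.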

Revoke a token

Go to Settings -> API to review active API tokens. You can see who created each token, when it was created, when it was last used, and when it expires. Click Revoke to remove access for a token you no longer need.
Last modified on May 27, 2026