API v2 Authentication

There are two different ways to authenticate when performing API requests:

  • E-Mail and password
  • OAuth Access Token

E-Mail and password


To hit the ground running with the PhraseApp API, just use HTTP Basic authentication with your email and password:

curl -u username:password "https://api.phraseapp.com/api/v2/projects"

Every HTTP client ships with built-in support for HTTP Basic authentication, so this is the easiest way to get started.

If you do not enter your password in the command, cURL will prompt you for it, which keeps the password out of your shell history and the process list.

OAuth via Access Tokens


OAuth is preferred over Basic authentication because OAuth tokens can be limited to specific scopes, and can be revoked by users at any time. You can create and manage OAuth access tokens in your profile settings in Translation Center or via the Authorizations API.

Send via Basic authentication


To authorize using Basic authentication, simply pass the access token as the username of your request:

curl -u ACCESS_TOKEN: "https://api.phraseapp.com/api/v2/projects"

You must not provide a password. Put a colon after the actual access token to skip the password prompt in cURL.

Send via header


We recommend sending the access token via the Authorization header field when possible:

curl -H "Authorization: token ACCESS_TOKEN" https://api.phraseapp.com/api/v2/projects

Send via parameter


As JSONP (and other) requests cannot send HTTP Basic Auth credentials, a special query parameter access_token can be used:

curl "https://api.phraseapp.com/api/v2/projects?access_token=ACCESS_TOKEN"

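You should only use this transport method if sending the authentication via header or Basic authentication is not possible, because URLs (including the query string, and therefore the token) are commonly recorded in server logs, proxy logs and browser history.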



Users with Two-Factor-Authentication enabled have to send a valid token along with their request when using certain authentication methods (such as Basic authentication). The necessity of a Two-Factor-Authentication token is indicated by the X-PhraseApp-OTP: required; :MFA-type header in the response. The :MFA-type field indicates the source of the token, e.g. app (refers to your Authenticator application):

X-PhraseApp-OTP: required; app

To provide a Two-Factor-Authentication token you can simply send it in the header of the request:

curl -H "X-PhraseApp-OTP: MFA-TOKEN" -u EMAIL https://api.phraseapp.com/api/v2/projects

Since Two-Factor-Authentication tokens usually expire quickly, we recommend using an alternative authentication method such as OAuth access tokens.
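The following shell helpers are an added example, not part of the PhraseApp documentation. They cover the "Send via header" recommendation and the X-PhraseApp-OTP response header described above: the token is passed to cURL through a config read from stdin rather than on the command line, and the response headers are checked for an OTP requirement. The function names, the accepted token character set and the sample headers are assumptions made for illustration.

```shell
# Added example, not PhraseApp code. Function names and the token character
# set are assumptions made for illustration.

# Print a curl config line carrying the token in the Authorization header.
# Piping this to `curl --config -` keeps the token out of the URL and out of
# curl's argument list.
phraseapp_token_config() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*)
            # Refuse anything that could break out of the quoted config value.
            echo "refusing token with unexpected characters" >&2
            return 1 ;;
    esac
    printf 'header = "Authorization: token %s"\n' "$1"
}

# Read HTTP response headers on stdin. If the server sent
# "X-PhraseApp-OTP: required; <type>", print <type> and return 0;
# otherwise print nothing and return 1.
otp_required_type() {
    tr -d '\r' | awk -F': *' '
        tolower($1) == "x-phraseapp-otp" {
            split($2, parts, /; */)
            if (parts[1] == "required") { print parts[2]; found = 1; exit }
        }
        END { exit !found }'
}

# Constructed sample response headers (status line is illustrative only).
SAMPLE_HEADERS=$(printf 'HTTP/1.1 401 Unauthorized\r\nContent-Type: application/json\r\nX-PhraseApp-OTP: required; app\r\n')

# Typical use against the real API (not run here):
#   phraseapp_token_config "$TOKEN" |
#     curl -sS --config - -D headers.txt -o projects.json \
#       "https://api.phraseapp.com/api/v2/projects"
#   if type=$(otp_required_type < headers.txt); then
#     echo "two-factor token required (source: $type)" >&2
#   fi
```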

Multiple Accounts


Some endpoints require the account ID to be specified if the authenticated user is a member of multiple accounts. You can find the eight-digit account ID inside Translation Center by switching to the desired account and then visiting the account details page. If required, you can specify the account just like a normal parameter within the request.