Skip to content


Access Token Viewer API uses token-based authentication that is secure, reliable, and compliant with the prevailing JWT mechanism. A one-time access token must be generated to load a model or retrieve information from the platform. The generated access token is valid for two hours only.

There are two ways to generate an access token: API key or model password. Using model password is easier. However, it is recommended to use API key that is a more robust and flexible approach.

Using API Key

Every user has a corresponding account name and can generate an API key which is unique to the account. You can find your account name and generate an API key on by going to Settings => API Key. All your models are programmatically accessible by a generated API key even though they are not shared explicitly. Therefore, please bear in mind the following best practices:

  • Use environmental variables rather than putting your account name and API key directly in code.
  • Never check in an API key to your source code repositories.
  • Do not use an API key in a front-end web application.
  • Do not share an API key with others.
  • Revoke an API key in case of any security risk.

A back-end, server-side web application should be set up to use an API key to request for an access token. You need to put together your account name (as user ID) and API key (as password) for the HTTP Basic Authentication. An HTTP request can then be sent to the REST API endpoint below. Note that only HTTPS is supported.

HTTP Request for Access Token

POST /rest/api/v1/token HTTP/1.1
Authorization: Basic xxxxxxxxxxx

Sample Response

    "token": "eyJhbGciOiJIUzI1NiJ9.eyJpYX......"

A couple of server-side code examples are provided below if you use Node.js (JavaScript) or .NET Core (C#) for the back-end web application.

Node.js Request Example

let request = require('request');

let accountName = "YOUR_ACCOUNT_NAME";
let apiKey = "YOUR_API_KEY";
let base64Encoded = Buffer.from(`${accountName}':'${apiKey}`).toString('base64');

let options = {
  'method': 'POST',
  'url': '',
  'headers': {
    'Authorization': `Basic ${base64Encoded}`
request(options, function (error, response) {
  if (error) throw new Error(error);
  let accessToken = JSON.parse(response.body).token;

C# RestSharp Example

using RestSharp;
using RestSharp.Serialization.Json;
using System;
using System.Text;

namespace ConsoleApp
    class Program
        static void Main(string[] args)
            var accountName = "YOUR_ACCOUNT_NAME";
            var apiKey = "YOUR_API_KEY";

            var client = new RestClient("");
            var request = new RestRequest(Method.POST);

            Byte[] bytesEncoded = Encoding.UTF8.GetBytes($"{accountName}:{apiKey}");
            string base64Encoded = Convert.ToBase64String(bytesEncoded);

            request.AddHeader("Authorization", $"Basic {base64Encoded}");
            IRestResponse response = client.Execute(request);
            var accessTokenResponse = new JsonDeserializer().Deserialize<AccessTokenResponse>(response);

    class AccessTokenResponse 
        public string token { get; set; }

Once an access token is received like the sample response above, you can pass it on to a front-end web application for the model configuration object. An example below shows how to load a model by an access token.

// Model configuration object
let modelConfigs = {
    modelId: "YOUR_MODEL_ID",
    accessToken: "ACCESS_TOKEN"

// Load a model
viewer.loadModel(modelConfigs, onPorgress, onLoaded, onError);

Using Model Password

If working with a back-end web application is a challenge, then using model password is your best bet. A model password is specific to a model file. You must explicitly share a model on to make it accessible by Viewer API. If you don't set a password upon sharing, the password property of the model configuration object can be set to null or an empty string.

If a model password is specified in the model configuration object like below, the loadModel function will handle access token request behind the scene and load the model directly. Please do not hard code your password in a front-end web application unless it is hosted in a fully trusted environment, such as intranet.

// Model configuration object
let modelConfigs = {
    modelId: "YOUR_MODEL_ID",
    password: "YOUR_MODEL_PASSWORD"

// Load a model
viewer.loadModel(modelConfigs, onPorgress, onLoaded, onError);

Ideally, you should create your own user interface and prompt your users to input a password. Viewer API has got a helper function called showDialog that comes in quite handy. See an example below.

let onSubmit = () => {              
    let password = document.getElementById("password-input").value;
    let modelConfigs = {
      modelId: "YOUR_MODEL_ID",
      password: password
    viewer.loadModel(modelConfigs, onPorgress, onLoaded, onError);
let modalTitle = "Protected Content";
let modalBody = `
  <div>Input password</div>
  <div style="margin-top: 15px;">
    <input style="padding: 10px;border: 1px solid #ccc;border-radius: 4px;" placeholder="Enter your password here" id="password-input" type="password" class="validate">
viewer.showDialog(modalTitle, modalBody, null, "OK", onSubmit, false);