> ## Documentation Index
> Fetch the complete documentation index at: https://www.1password.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Authorization

export const Small = ({children}) => {
  return <small>{children}</small>;
};

Every call to the 1Password Events API must be authorized with a valid [JWT-encoded <Icon icon="arrow-up-right-from-square" />](https://datatracker.ietf.org/doc/html/rfc7519) bearer token in the HTTP [request header](/events-api/request-headers/). The token authenticates the client and authorizes it to access specific resources (events), without exposing 1Password account credentials.

## Pass bearer tokens in your API requests

Bearer tokens are passed to the Events API through the `Authorization` header in your request.

### Step 1: Get a bearer token

You'll get a bearer token when you [set up a new Events Reporting integration](/events-api/get-started#step-1-set-up-an-events-reporting-integration), or when you [issue a new token](#issue-a-bearer-token) in an existing integration.

When you generate the token, you'll choose which events the token is scoped to, then save the token in 1Password.

After you set up the integration, you can also [issue or revoke tokens](#manage-bearer-tokens) at any time.

### Step 2: Create an API request

When you make a call to the Events API, you must include the `Authorization` [request header](/events-api/request-headers/) with your bearer token.

The following example uses [curl <Icon icon="arrow-up-right-from-square" />](https://curl.se/) on the command line to make a GET request to the [`introspect` endpoint](/events-api/reference#get-%2Fapi%2Fv2%2Fauth%2Fintrospect). API calls to this endpoint allow you to check that your bearer token is valid and confirm which events it's authorized to access.

1. In your terminal, format your curl request using the following structure:

   ```shell theme={null}
   curl --request GET \
   	--url <base_url>/api/v2/auth/introspect \
   	--header 'Authorization: Bearer <YOUR_BEARER_TOKEN>'
   ```

2. Replace the `{'<base_url>'}` placeholder in the endpoint with the [events URL for your 1Password account](/events-api/servers/).

3. Replace `{'<YOUR_BEARER_TOKEN>'}` in the `Authorization` header with the token for your Events Reporting integration.

   * Option 1: Copy the credential field from the bearer token you saved in 1Password, then paste it in the authorization header. For example:

     ```shell theme={null}
     --header 'Authorization: Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6IjNyaTN0NDR0anZvZmNmbWc0Z2tsNWk2b2FpIiwidHlwIjoiSldUIn0...'
     ```

     <Small>The `...` at the end of the bearer token here indicates it's been truncated for the example. You'll need to include the full credential string for your token.</Small>

   * Option 2: [Use an environment variable to load your API token](/events-api/generic-scripts#usage) to avoid revealing your bearer token in plaintext. You'll need to use double quotes for the authorization header to allow for variable expansion. For example:

     ```shell theme={null}
     --header "Authorization: Bearer ${EVENTS_API_TOKEN}"
     ```

### Step 3: Send the API request

Send the API request from the terminal. For example:

```shell theme={null}
curl --request GET \
	--url https://events.1password.com/api/v2/auth/introspect \
	--header "Authorization: Bearer ${EVENTS_API_TOKEN}"
```

<Small>If you've installed [jq <Icon icon="arrow-up-right-from-square" />](https://jqlang.github.io/jq/), you can add `| jq` at the end of your request to pretty-print the JSON response.</Small>

If your token is authenticated, the API will return a [`200` response](/events-api/reference#responses) that includes the events (features) scoped to your token. For example:

```json theme={null}
{
	"uuid": "OK41XEGLRTH4YKO5YRTCPNX3IU",
	"issued_at": "2025-10-17T16:32:50-03:00",
	"features": [
		"auditevents",
		"itemusages",
		"signinattempts"
	],
	"account_uuid": "M4E2SWNZAZFTRGQGDNS2E5A4MU"
}
```

If you get a `401 Unauthorized` error, make sure your bearer token is in the `Authorization` header and is formatted correctly.

Learn more about [status codes in the Events API](/events-api/status-codes/).

## Manage bearer tokens

After you set up your Events Reporting integration, you can [issue](#issue-a-bearer-token) additional bearer tokens, [revoke](#revoke-a-bearer-token) tokens, and [verify the scope](#verify-the-scope-of-a-bearer-token) of existing tokens.

### Issue a bearer token

To issue a new bearer token for an existing integration:

1. [Sign in](https://start.1password.com/signin) to your account on 1Password.com and select **[Integrations](https://start.1password.com/integrations/active)** in the sidebar.
2. Choose the Events Reporting integration where you want to issue a token and select **Add a token**.
3. Set up a new bearer token:
   * **Token Name**: Enter a name for the token.
   * **Expires After**: (Optional) Choose when the token will expire: 30 days, 90 days, or 180 days. The default setting is Never.
   * **Events to Report**: Choose which events the token can access. The default setting includes all events: sign-in attempts, item usages, and audit events.
4. Select **Issue Token**.
5. On the "Save your token" page, select **Save in 1Password**. Choose the vault where you want to save your token, then select **Save**. <br /><Small>Your bearer token will be saved as an <a href="https://support.1password.com/item-categories/#api-credential">API Credential item</a> in 1Password.</Small>

If you set a bearer token to expire, you can also edit the item you saved in 1Password if you want to add the token's expiry date.

### Revoke a bearer token

<Warning>
  Your SIEM will stop ingesting events after a token is revoked. To minimize downtime, issue a replacement token before you revoke one.
</Warning>

To revoke a bearer token:

1. [Sign in](https://start.1password.com/signin) to your account on 1Password.com and select **[Integrations](https://start.1password.com/integrations/active)** in the sidebar.
2. Choose the Events Reporting integration where you want to revoke a token.
3. Select the gear button next to the token you want to revoke, then select **Revoke**.

### Verify the scope of a bearer token

To verify a bearer token's scope, check the integration details on 1Password.com:

1. [Sign in](https://start.1password.com/signin) to your account on 1Password.com and select **[Integrations](https://start.1password.com/integrations/active)** in the sidebar.
2. Choose the Events Reporting integration where you want to verify the scope of a token.
3. Locate your bearer token in the Tokens section and check which events it can access. You will also see when or if the token is set to expire.

Alternatively, you can make a [GET request to the introspection endpoint](/events-api/reference#get-%2Fapi%2Fv2%2Fauth%2Fintrospect) to verify which events are scoped to the token.
