API Authentication

Learn about Staffbase App / Intranet API authentication.

The Staffbase API is secured by HTTPS and Basic Authentication. For performing requests on our API, you need to generate an API token in the Staffbase Studio of the Staffbase platform (https://your-app.com/admin/settings/token).

More information on security at Staffbase can be found on our website.

Use the base URI of your Staffbase App on for all your requests.


  • https://exampleapp.staffbase.com/api
  • https://customdomain.example.com/api
Ensure that the token you use has administrative access.

The token needs to be added on every request within the Authorization header as follows:

Authorization: Basic {{insert-your-token-here}}

A plain HTTP request could look like this:

GET /api/users HTTP/1.1
Host: exampleapp.staffbase.com
Authorization: Basic dGVzdDEyMzQ2Nzg6dGVzdDEyMzQ2Nzg=

When everything worked like expected you should receive an HTTP response with the status code 200 and a list of users. An example response could look like this:

1HTTP/1.1 200 OK
2Content-Type: application/json