Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Creating API Tokens

API tokens contain authentication information and are bound to specific users or an entire organization. API tokens send identification information about the user or organization to the API server to indicate whether or not the user has access to the API, to ensure security.

Like many other API providers, Juniper Mist offers a way to generate API tokens for authentication (in the HTTP header). When considering tokens, Juniper Mist uses the terms token and key interchangeably.

The following characteristics pertain to user API tokens:

  • The API token assumes the same privileges as the assigned user’s account privileges.

  • Juniper Mist automatically removes an API token that has not been used for 90 consecutive days.

  • The base Uniform Resource Identifier (URI) for the Juniper Mist API is {api_endpoint}/api/v1/.


    In place of {api_endpoint}, you need to use the API endpoint for your global region. See API Endpoints and Global Regions.

In Juniper Mist, there are two types of API tokens:
  • Organization Token

    • The token persists under the Mist organization.
    • The token is not bound to any specific user, meaning the access does not depend upon any user’s access to the organization.
    • Supports N org tokens, which can have different privileges.
    • The token can only be used for that specific organization.
    • Rate limiting is done by the individual token. For example, if OrgToken1 consumes 5000 API calls and reaches the rate limit, OrgToken2 is not impacted.
  • User Token

    • The token persists to a specific user account.
    • The token is bound to the specific user, meaning the access directly correlates to the user’s access to the organization.
    • The token can be used for any Managed Service Provider (MSP) or organization that the user has access to.
    • Supports N tokens, which all have the same privilege as the user account.
    • Rate limiting is done by the account that is tied to the user. For example, if UserToken1 consumes 5000 API calls and reaches the rate limit, UserToken2 AND account log in to the GUI are impacted.

Create an Organization Token

  1. From the left menu of the Juniper Mist portal, navigate to Organization > Settings.
  2. Scroll down to the API Token section and click Create Token.
  3. Define the permissions for the token.

  4. Click Generate.
    • After you click Generate, you will see a message at the top of the window letting you know that you need to save your key.

  5. Copy the key by clicking the copy button next to the Key field and store it somewhere for safe keeping.

    The only time you will see the entire, untruncated key is upon creation. You will not be able to see the full key ever again. If you misplace the key, you will have to create a new key.

  6. Click Done at the bottom of the window.
  7. Click Save near the top-right corner of the page.

Create a User Token using the REST API Explorer

  1. Log in to the Juniper Mist portal (you must be logged into the Mist Portal prior to using the REST API Explorer).
  2. Open a new browser window and paste in your URL to the REST API Explorer: {api_endpoint}/api/v1/self/apitokens.

    In place of {api_endpoint}, you need to use the API endpoint for your global region. See API Endpoints and Global Regions.

    The REST API Explorer is the API page for token control. Here you can create, read, update, and delete tokens and token information. This page initially displays the tokens that you have already created.

    This page also enables you and other users to make an API call directly from the browser. With Media type: applications/json already selected as the default, a GET request will be performed to show you a list of your tokens. A truncated key will display for any previously created tokens.

  3. Create a token by clicking the POST button.


    The Juniper Mist API will never again display the actual token (key) in full, anywhere, after creating the key. After you navigate away from this page and come back, the key will appear but in a truncated version. You should treat this key as a password and store it in a safe place. If you lose this key, you will need to create a new one.

    The response received should look like this example: