The FOSSA API uses API keys to authenticate requests. API tokens can be managed at (Account Settings > Integrations > API).

Your API keys carry the same privileges as your FOSSA User, so be sure to keep them secure, and do not share them publicly.

Authentication to the FOSSA API is performed via HTTP Basic Authentication, using Authorization headers:

curl '' -H 'Authorization: Basic <API_TOKEN>'
API Token TypeDescription
Push OnlyPush Only tokens can only be used to send data to FOSSA.

Select this option if you only plan to use the API token with the FOSSA CLI. This is often a good option if you have FOSSA integrated in your CI/CD system.

IMPORTANT: Do not select this option if you want to have full access to the FOSSA API.
Full A Full API token can be used to act on the behalf of a logged in user. Any resource that a user can access in the UI can be accessed via a Full API Token. Use a Full API token if you want to take advantage of all aspects of the API.