Authentication Types

The REST API (Representational State Transfer Application Programming Interface) uses user Authentication over HTTPs.

Everbridge REST APIs can support the following authentications:

Basic Authentication

The EB Suite REST API uses Basic Authentication over HTTPs. Standard HTTP Authorization header is used to pass Basic authentication information.

The value of this header should be a Base64 encoding of username and password of your API user in the format of <username:password>. For example, if API user credentials were username "ryan" and password "thisisabadpassword", then the credentials field in the would be the Base64 encoding of ryan:thisisabadpassword, or cnlhbjp0aGlzaXNhYmFkcGFzc3dvcmQ=.

Authorization: Basic cnlhbjp0aGlzaXNhYmFkcGFzc3dvcmQ=

When using this online portal (Readme), just pass in the API user credentials in the username/password fields and the tool will create the base64 encode credentials.

Access Token Authentication

Access Token Authentication (newly added since the 9.4 release)
If there are multiple roles for the API user, as default, the default role will be used to invoke API functionalities. In case the API user needs to call API functionalities by the desired role from his or her roles list, the user needs to put the desired roleId in a special Http header. For instance, this user has two roles in the same organization: one is Group Manager, and the other is Incident Admin. The Group Manager is set as the default role. The user can use an HTTP header, like the following, to switch to the Incident Admin to launch the incident template.

EBHeader: ROLEID 888666645213

The username and password pair must belong to a user who has the API User role within an organization that has been granted access to the API product. These privileges can only currently be set by direct DB access; they are not available through the EBAdmin portal at this time.

Further, each API method has its own permissions, so a user can be enabled to use the API but only granted access to a subset of the API methods. This gives you fine-grained control of how users access the information for your organization.

OAUth 2.0 Authentication

To call Everbridge REST endpoints using OAuth 2.0 authentication, the client first needs to call the token API endpoint to get an idToken.

In the request form body, you should include:

  • grant_type = “password”
  • client_id
  • client_secret
  • username
  • password
  • cope = "openid user-profile role


  • The Client ID and Client Secret would be shared with you securely.
  • Username and Password must be created by following this guide

Once a valid ID token is returned, you must submit the token as a "Bearer" token in the header of all subsequent requests to the Everbridge APIs.


Copy id_token

Use the copy icon to quickly copy Bearer <id_token> to your clipboard

  • The token is valid for 28800 seconds, which is 8 hours


User with multiple roles

If the user in Everbridge Suite has multiple roles, or the user is account admin, and you want to use specific role to access the endpoint, you can specify the roleId the request as below. In this way, the system will create an idToken to include this roleId.

Examples and live requests of all supported authentication use cases can be found in our API documentation page for OAuth Authentication.