How does authorisation work?

Hello,
According to the API documentation "Every token is valid for only one request. After each request, a new token is generated and sent back to the user in the authorization (lowercase) header. You can use this token to make the next request."

My question is - where is the "authorization" header? I cannot find it. When I make my first request with the original token I receive the following headers and "authorization" is not there.

"headers": {
"Transfer-Encoding": "chunked",
"Connection": "keep-alive",
"report-to": "{"group":"csp-endpoint","max_age":31536000,"endpoints":[{"url":"/csp-reports"}],"include_subdomains":true}",
"vary": "Accept-Encoding,Origin",
"x-frame-options": "DENY",
"content-security-policy": "frame-ancestors 'none',report-uri /csp-reports; report-to csp-endpoint; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://.personio.de https://.personio-internal.de https://.googleapis.com https://.userlane.com https://.ingest.sentry.io https://cdn.pendo.io https://data.pendo.io https://player.vimeo.com https://.cdn.pendo.io https://.stripe.com https://api.gohiring.com https://tracking.gohiring.com https://stackpath.bootstrapcdn.com https://personio.zendesk.com https://app.pendo.io https://www.youtube.com https://embedded.tray.io https://.screenmeet.com wss://.screenmeet.com https://api.feedback.us.pendo.io https://.datadoghq.eu/ https://.split.io/ https://calendly.com https://assets.calendly.com https://.cronofy.com https://stonly.com/ https://.stonly.com/ https://personio-stage-payroll-import-svc-ytd.s3.eu-central-1.amazonaws.com https://personio-dev-payroll-import-svc-ytd.s3.eu-central-1.amazonaws.com https://personio-prod-payroll-import-svc-ytd.s3.eu-central-1.amazonaws.com; img-src data:;",
"strict-transport-security": "max-age=31540000; includeSubDomains",
"x-xss-protection": "1; mode=block",
"x-content-type-options": "nosniff",
"Cache-Control": "no-cache, private",
"Date": "Tue, 24 Jan 2023 06:14:20 GMT",
"Set-Cookie": "personio_session=xxxx; expires=Tue, 24-Jan-2023 16:14:20 GMT; Max-Age=36000; path=/; domain=.personio.de; secure; httponly; samesite=lax",
"Content-Type": "application/json",
"Content-Length": "22919"
}
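
The token rotation quoted from the documentation above, as an added example that is not part of the original post or the vendor's code: a client that spends each token once and takes the next one from the response's authorization header, matched case-insensitively. The transport callable, `FakeServer`, the optional `Bearer` prefix and all token values are assumptions constructed for illustration.

```python
# Added example: single-use token rotation as quoted from the API documentation.
# The transport callable, FakeServer and token values are constructed assumptions.
import secrets


class MissingRotatedToken(Exception):
    """The last response carried no authorization header, so no next token is known."""


def extract_rotated_token(headers):
    """Find the authorization header case-insensitively; strip an optional Bearer prefix."""
    for name, value in headers.items():
        if name.lower() == "authorization":
            value = value.strip()
            if value.lower().startswith("bearer "):  # prefix is an assumption
                value = value[7:].strip()
            return value or None
    return None


class RotatingTokenClient:
    def __init__(self, transport, initial_token):
        self._transport = transport  # callable(path, token) -> (status, headers, body)
        self._token = initial_token

    def request(self, path):
        if self._token is None:
            raise MissingRotatedToken("no valid token; authenticate again")
        token, self._token = self._token, None  # a token is spent once it is sent
        status, headers, body = self._transport(path, token)
        self._token = extract_rotated_token(headers)
        return status, body


class FakeServer:
    """Constructed stand-in for the API: accepts each token once, issues a new one."""

    def __init__(self, first_token, rotate=True):
        self.valid, self.rotate = first_token, rotate

    def __call__(self, path, token):
        if token != self.valid:
            return 401, {"Content-Type": "application/json"}, "{}"
        self.valid = secrets.token_hex(8)
        headers = {"Content-Type": "application/json"}
        if self.rotate:
            headers["Authorization"] = "Bearer " + self.valid  # mixed case on purpose
        return 200, headers, "{}"
```

When the header is absent, as in the response posted above, the second call raises `MissingRotatedToken` instead of replaying a spent token.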