The Sentinel Hub API uses OAuth2 Authentication and requires that you have an access token. In essence, this is a piece of information you add to your requests so the server knows it's you. These tokens do not last forever for a multitude of reasons, but you can get new ones and when they expire from the Sentinel-Hub OAuth2 server at the token endpoint listed below. But first, if you do not have one already, you need to register an OAuth Client in your account settings. This is so the server can expect you to make such token requests. If you do not have a Sentinel-Hub account, you can sign up for a free trial account.

To register an OAuth Client open your dashboard then click the Create a new OAuth client button. For the purpose of simply making requests, set the Client grant type to Client Credentials. Save the secret value as this will no longer be visible after creation! When done, click Create Client. You are now ready to request tokens.

To request tokens the easiest way is to have some software which understands OAuth2 and can make the proper request. For example, REST clients like Postman and Insomnia have support for OAuth2 Client credentials already included. See the Token Request Examples section below.

OAuth2 Endpoints

Token Endpoint - for requesting tokens

Token info endpoint

Token Request Examples


The following cURL request will return an access token, just make sure to replace <your client id> with your client ID and <your client secret> with your client secret:

curl --request POST --url --header "content-type: application/x-www-form-urlencoded" --data "grant_type=client_credentials&client_id=<your client id>" --data-urlencode "client_secret=<your client secret>"


In the Postman request Authorization tab set the Type to OAuth 2.0 and Add the authorization data to Request Headers. Then click the Get New Access Token button. Set the Grant Type to Client Credentials, the access token URL to the token endpoint, then set the Client ID and Client Secret to the values of your OAuth Client. Scope can be blank. Keep Client Authentication as Send As Basic Auth Header. Click Request Token. You should get a new one immediately. To use this token to authorize your request, click Use Token. For more information see the Postman authorization documentation


In python the requests-oauthlib library can handle the retrieval of access tokens using your OAuth Client configuration.

from oauthlib.oauth2 import BackendApplicationClient
from requests_oauthlib import OAuth2Session
# Your client credentials
client_id = '<client_id>'
client_secret = '<secret>'
# Create a session
client = BackendApplicationClient(client_id=client_id)
oauth = OAuth2Session(client=client)
# Get token for the session
token = oauth.fetch_token(token_url='',
client_id=client_id, client_secret=client_secret)
# All requests using this session will have an access token automatically added
resp = oauth.get("")


Example using axios.

import axios from "axios"
import qs from "qs"
const client_id = "<client_id>"
const client_secret = "<secret>"
const instance = axios.create({
baseURL: ""
const config = {
headers: {
'Content-Type': 'application/x-www-form-urlencoded;charset=utf-8'
const body = qs.stringify({
grant_type: "client_credentials"
// All requests using this instance will have an access token automatically added"/oauth/token", body, config).then(resp => {
Object.assign(instance.defaults, {headers: {authorization: `Bearer ${}`}})