Admin APIs allow you to access and configure Unity Services as an administrator. To authenticate admin APIs, you must create and use service accounts.
Some APIs directly support service account authentication, while others require an additional stateless token.
These APIs directly support service accounts:
- Advertising Management
- Advertising Statistics
- Assets Manager
- Application Linking
- Cloud Save
- Cloud Code
- Remote Config API
- User Generated Content
- Player Authentication
- Vivox Moderation APIs
- Text Evidence Management API
- 3DDS Metadata
- Workflow Engine
These APIs require an additional stateless token:
- Cloud Save
- Cloud Code
- Player Names
- Multiplay Game Server Lifecycle
Before you use service accounts, make sure you are an organization owner.
Create a service account
To create a service account, follow these steps:
- In the Unity Dashboard, go to Projects > Service Accounts.
- Select Create service account to create a new account.
- In the Keys section, select Create key to generate a key ID and a secret key.
- Add a role to your service account to allow access to API endpoints.
- Select Add organization role to grant access to organization-level data that applies to all projects in your organization.
- Select Add project role to grant access to project-level data that applies to individual projects.
You can now use either your service account credentials or a stateless authentication token to authenticate and call an API.
Authenticate an API using service account credentials
To authenticate an API using your service account credentials, open a terminal and enter the following authorization HTTP header:
curl -H "Authorization: Basic <SERVICE_ACCOUNT_CREDENTIALS>" \
<SERVICE_ACCOUNT_CREDENTIALS> is created by Base64 encoding the string
<KEY_ID>:<SECRET_KEY>. It uses the key ID and secret key you generated when you
created a service account.
For example, if your key ID is
7e0f1152-e0dd-4b14-8e37-04cab07efeb0 and your secret key is
NKxoRp2m2w3e9gzJfssNQnTfypFgtJn7, your header will be
Authenticate an API with the Unix terminal
If you're using a Unix terminal, follow these steps:
- Enter a command to Base64 encode the key string.
echo -n "7e0f1152-e0dd-4b14-8e37-04cab07efeb0:NKxoRp2m2w3e9gzJfssNQnTfypFgtJn7" | base64
<SERVICE_ACCOUNT_CREDENTIALS>with the output from the previous command.
curl -H "Authorization: Basic N2UwZjExNTItZTBkZC00YjE0LThlMzctMDRjYWIwN2VmZWIwOk5LeG9ScDJtMnczZTlnekpmc3NOUW5UZnlwRmd0Sm43" \
You have now authenticated your API.
Authenticate an API using a stateless token
To authenticate an API using a stateless token, follow these steps:
- Call the Token Exchange API. Make sure to send your key ID and your secret key as the authorization in the request.
curl -X POST -H "Authorization: Basic N2UwZjExNTItZTBkZC00YjE0LThlMzctMDRjYWIwN2VmZWIwOk5LeG9ScDJtMnczZTlnekpmc3NOUW5UZnlwRmd0Sm43"
As a response, you receive an
- Use the
accessTokento call APIs in the context of the project ID and/or environment ID you specified earlier.
curl -H "Authorization: Bearer <STATELESS_ACCESS_TOKEN>" \
Refresh your stateless token
The stateless access token you receive after calling the Token Exchange API includes an
exp field which determines the token's lifespan. If your token expires,
you can refresh it by calling the Token Exchange API again with your original key ID and secret key.
You can generate a new token before your previous token has expired. Generating a new token doesn't invalidate your previous token.
The following roles are available for admin API authentication: