Skip to content

Authentication

Every Orion account has a personal API token that grants read/write access to that account’s data through the machine endpoints — it’s what the Android widgets, the calendar feed, and the Home Assistant integration use.

Open Settings in Orion — your token is shown under API token (generated automatically the first time you look).

Send it either as a bearer token or a query parameter:

Terminal window
# Header (preferred)
curl -H "Authorization: Bearer <token>" https://orionmedia.app/api/machine/summary
# Query parameter (for places that can't set headers, e.g. calendar apps)
curl "https://orionmedia.app/api/machine/summary?token=<token>"

Requests without a valid token get 401 Unauthorized.

The token acts on your account without a password, so treat it like one. If it leaks, hit Regenerate token in Settings — the old token stops working immediately. You’ll then need to update it everywhere it’s used: