Skip to main content

Get your API tokens

To interact with MARCO APIs, you will need three API tokens:

  • An application token
  • A service account token
  • An access token

This guide will show you how to obtain these tokens.


To complete this guide, you will need a MARCO account. If you don't have one, see Create an account.

1. Create an application token

To obtain an application token, you need to register a MARCO application. We refer to these applications as "marpps" and we use them to represent ledger-agnostic applications.

To create a marpp:

  1. On MARCO Console, go to Marpps > Register Application:

    Marpp registration

  2. Set a name for the application.

  3. Click Register Application.

  4. Copy and save the Application ID and Application Token.

    Marpp registration

The application ID and token will be used to refer to your application in API requests.

2. Create a service account token

Next, you will register a service account to identify your computer as an authorized user in API requests.

To create a service account:

  1. On MARCO Console, go to Service Accounts > Register Account:

    Service account registration

  2. Set a name for the account.

  3. Click Register Service Account.


    It's crucial to keep service account credentials secret. Sharing these credentials can compromise the account and associated resources. If you suspect that a service account has been compromised, you can disable it and create a new one in the Service Accounts section of the MARCO Console.

  4. Copy and save the new account's Email:

    Service account email

  5. Open the Service Account API Keys tab.

  6. Click Generate API Key.

  7. Copy and save the Service Account API Token:

    Service account token

3. Create an access token

Finally, you will create an access token that is derived from your service account API key. Most API calls request to provide both the access token and the application token.

To get an access token:

  1. In the command line, run the following command, replacing APPLICATION_ID, APPLICATION_TOKEN, SERVICE_ACCOUNT_TOKEN and SERVICE_ACCOUNT_EMAIL with your credentials from the previous steps:

    curl --location --request POST '<APPLICATION_ID>' \
    --header 'ApplicationToken: <APPLICATION_TOKEN>' \
    --header 'Content-Type: application/json' \
    --data-raw '{
    "credentials": "{\"apiToken\":\"<SERVICE_ACCOUNT_TOKEN>\",\"status\":\"\"}",
    "identity": {
    "id": 0,
    "identifier": "<SERVICE_ACCOUNT_EMAIL>",
    "marcoId": "",
    "status": "",
    "type": "USER",
    "dateCreated": 0,
    "identityProfile": {
    "displayName": ""
    "params": {
    "authType": "apiToken"
  2. Copy and save the resulting token. If you get any errors, see the API Reference for this endpoint.


    Unlike the application and service account tokens, the access token expires after 30 days. Remember to generate a new access token every time it expires to keep using the API.

Next steps

Now that you have your tokens, let's setup your environment and make your first API call.