Basic Authentication

Requests made to the API are usually authenticated with HTTP Basic authentication.

In order to properly authenticate with the API, you must use your API key as the username while leaving the password blank. Requests not properly authenticated will return a 401 error code. You can generate API keys for your account in your Profile Settings. All API requests must be made over HTTPS.

In curl, you can specify the username with the -u flag - make sure to include a : afterwards, which indicates an empty password.

Note: If you're an Enterprise customer, you'll need to use your company's URL to authenticate (e.g. instead of

curl -u sk_YOUR_SECRET_KEY:

OpenID Connect / OAuth2 Authentication

Benchling for Enterprise supports authenticating with OpenID Connect (OAuth2) access tokens. In this configuration, you'll have a trusted identity provider (such as Okta or AD FS) that supports OpenID Connect.

From your application, you can authenticate to the identity provider, which results in an access token. Your identity provider should be configured to include "email" as a claim in the token. You must then use the token in the Authentication header:

curl -H "Authentication: Bearer YOUR_ACCESS_TOKEN"

The Benchling API accepts this token by verifying the signature against keys presented at your OpenID configuration endpoint (e.g. at Once the token signature is verified, the API request is authenticated as the user associated with the email claim on the token.

Note that the user must already exist - in most cases this means the user should sign into the web application before making API requests.

Contact to configure OpenID Authentication.


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.