generated: '2026-07-11' method: derived source: openapi/mist-ai-openapi.yml summary: types: - apiKey - http api_key_in: - header schemes: - name: apiToken type: apiKey in: header parameter: Authorization description: "Like many other API providers, it’s also possible to generate API Tokens to\ \ be used (in HTTP Header) for authentication. An API token ties to a Admin with equal or\ \ less privileges.\n\n**Format**:\n API Token value format is `Token {apitoken}`\n\n**Notes**:\n\ * an API token generated for a specific admin has the same privilege as the user\n* an API\ \ token will be automatically removed if not used for > 90 " sources: - openapi/mist-ai-openapi.yml - name: basicAuth type: http scheme: basic description: While our current UI uses Session / Cookie-based authentication, it’s also possible to do Basic Auth. sources: - openapi/mist-ai-openapi.yml - name: csrfToken type: apiKey in: header parameter: X-CSRFToken description: "This protects the website against [Cross Site Request Forgery](https://en.wikipedia.org/wiki/Cross-site_request_forgery),\ \ all the POST / PUT / DELETE APIs needs to have CSRF token in the AJAX Request header when\ \ using Login/Password authentication (with or without MFA)\n\n\nThe CSRF Token is sent\ \ back by Mist in the Cookies from the Login Response API Call:\n`cookies[csrftoken]` \n\ \nThe CSRF Token must " sources: - openapi/mist-ai-openapi.yml