This document is for developers who want to understand how to call the QIMA Public API. The developer portal can be used to check input parameters and output data definition, data examples, and more.


  • have an active customer account (with username and password) at qima.com pre-prod environment.
  • need an ai-api-access-token. This token allows you to request any of the public APIs from QIMA. Please request it from QIMA sales when starting your integration.

Get authentication token

Key points:

  • send your password in md5 format.
  • always set userType to "client".
  • always put your obtained ai-api-access-token in the request header in any API call to QIMA public api.
  • make sure that both referrer domain name and token do not change when getting the token or using it in subsequent requests (see below).

Refer to below screenshot in postman to get token.

Pic 1, posting body when getting the token body_of_get_token

Pic 2, posting header when getting the token header_of_get_token

Use the authenticated token

Key points: Be sure to include the ai-api-access-token obtained from QIMA public api in the request header and the authenticated token in the authorization header. And please make referer domain same as your application domain.

Pic 3, using the token to call resource API header_of_using_token

Refresh the authenticated token

You can refresh your token API. You'll find an option to 'Refresh token' and then use the refresh token API to refresh your about to expire token and get a new one.

Key points:

  • add refresh key to the http header and other headers same as when using the token to the refresh token API, body part is not required
  • token will expire after returned 'validBefore' unix time
  • use returned refresh key to call refresh token API
  • after refresh, refresh key for next time refresh will be returned

Pic 4, know when token expires and what's the refresh key expiry_refresh_key