Every V‑Spark API request requires an authorization token. There are two types of token: company tokens, and the system's root token.

The root token authorizes any operation for any system entity, and can be used for requests whose scope spans multiple entities with different company tokens.

As a best practice, the root token should not be used except for requests that require root access.

Only system administrators have access to the root token.

By default, V‑Spark's root API token is stored in the file /opt/voci/state/vspark/apitoken on the host system.

Each company entity on the system has its own API token. Company tokens authorize company- and organization-specific requests. As a best practice, use company tokens for API requests whenever possible.

User accounts with company write permissions can view the company token on the Settings > Accounts page.