Skip to content


Tower is API centric, it exposes a public API with all necessary calls to manage and monitor Nextflow workflows programmatically. This allows organizations to extend their existing solutions by leveraging the Tower API.


All API access is over HTTPS, and accessed from All data is sent and received as JSON encoded objects.

All timestamps use the ISO 8601 date-time standard format:




Tower API requires an authentication token to be specified in each API request using the Bearer HTTP header.

Your personal authorization token can be found in your settings, at the top-right corner of the page under the Your tokens section.

To create a new access token, just provide a name for the token. This will help to identify it later.

Once created, the token can only be seen once, when it is initially created. It is important you keep this token at a safe place.

Once created, use the token to authenticate via cURL, Postman, or within your code against the Nextflow API to perform the necessary calls for completing your tasks. Please remember that, as any other Bearer token, this token must be included in every API call.

Example call using the cURL command#

curl -H "Authorization: Bearer eyJ...YTk0"

Use your token in every API call

Please remember that, as any other Bearer token, this token must be included in every API call. You can find at the following link more details about the Bearer token authentication. scheme.


Some API GET methods will accept standard query parameters, which are defined in the documentation; querystring optional parameters such as page size, number (when available) and file name; and body parameters, mostly used for POST, PUT and DELETE requests.

Additionally, several head parameters are accepted such as Authorization for bearer access token or Accept-Version to indicate the desired API version to use (default to version 1)

curl -H "Authorization: Bearer QH..E5M=" 
     -H "Accept-Version:1"
     -X POST{item_id}?queryString={value}
     -d { params: { "key":"value" } }

Client errors#

There exists two typical standard errors, or non 200 or 204 status responses, to expect from the API.

Bad request#

The request payload is not properly defined or the query parameters are invalid.

    "message": "Oops... Unable to process request - Error ID: 54apnFENQxbvCr23JaIjLb"


Your access token is invalid or expired. This response may also imply that the entry point you are trying to access is not available; in such a case, it is recommended you check your request syntax.

Status: 403 Forbidden

Rate limiting#

For all API requests, there is a threshold of 20 calls per second (72000 calls per hour) and access key.

Back to top