Skip to content


Tower exposes a public API with all the necessary endpoints to manage Nextflow workflows programmatically, allowing organizations to incorporate Tower seamlessly into their existing processes.


The Tower API can be accessed from All API endpoints use HTTPS, and all request and response payloads use JSON encoding. All timestamps use the ISO 8601 date-time standard format: YYYY-MM-DDTHH:MM:SSZ.


The Tower API uses the OpenAPI standard. The current OpenAPI schema for Tower can be found here.


You can find a detailed list of all Tower endpoints here. This page also includes request and response payload examples, and the ability to test each endpoint interactively.

Programmatic API#

You can use tools such as openapi-python-client to generate a programmatic API for a particular language (e.g. Python) based on the OpenAPI schema. However, we do not guarantee that any OpenAPI client generator will work with Tower API; use them at your own risk.


Tower API requires an authentication token to be specified in each API request using the Bearer HTTP header.

Your personal authorization token can be found in the user top-right menu under Your tokens.

To create a new access token, just provide a name for the token. This will help to identify it later.

The token is only displayed once. Store your token in a safe place.

Once created, use the token to authenticate to the Nextflow API via cURL, Postman, or within your code to requests.

cURL example#

curl -H "Authorization: Bearer eyJ...YTk0"

Use your token in every API call

Your token must be included in every API call. See Bearer token authentication for more information on bearer token authentication.


Some API GET methods will accept standard query parameters, which are defined in the documentation; querystring optional parameters such as page size, number (when available) and file name; and body parameters, mostly used for POST, PUT and DELETE requests.

Additionally, several head parameters are accepted such as Authorization for bearer access token or Accept-Version to indicate the desired API version to use (default to version 1)

curl -H "Authorization: Bearer QH..E5M="
     -H "Accept-Version:1"
     -X POST{item_id}?queryString={value}
     -d { params: { "key":"value" } }

Client errors#

There exists two typical standard errors, or non 200 or 204 status responses, to expect from the API.

Bad Request#

The request payload is not properly defined or the query parameters are invalid.

    "message": "Oops... Unable to process request - Error ID: 54apnFENQxbvCr23JaIjLb"


Your access token is invalid or expired. This response may also imply that the entry point you are trying to access is not available; in such a case, it is recommended you check your request syntax.

Status: 403 Forbidden

Rate limiting#

For all API requests, there is a limit of 20 calls per second (72000 calls per hour) and access key.

Back to top