Skip to content


Tower exposes a public API with all the necessary endpoints to manage Nextflow workflows programmatically, allowing organizations to incorporate Tower seamlessly into their existing processes.

The Tower API can be accessed from All API endpoints use HTTPS, and all request and response payloads use JSON encoding. All timestamps use the ISO 8601 date-time standard format: YYYY-MM-DDTHH:MM:SSZ.


The Tower API uses the OpenAPI standard. The current OpenAPI schema for Tower can be found here.


You can find a detailed list of all Tower endpoints here. This page also includes request and response payload examples, and the ability to test each endpoint interactively.

Programmatic API#

You can use tools such as openapi-python-client to generate a programmatic API for a particular language (e.g., Python) based on the OpenAPI schema. However, we do not guarantee that any OpenAPI client generators will work with Tower API.


Tower API requires an authentication token to be specified in each API request using the Bearer HTTP header.

Your personal authorization token can be found in the user menu under Your tokens.

To create a new access token, provide token name and select Create.

The token is only displayed once. Store your token in a safe place.

Once created, use the token to authenticate requests to the API via cURL, Postman, or within your code.

cURL example#

curl -H "Authorization: Bearer eyJ...YTk0"

Your token must be included in every API call. See Bearer token authentication for more information.


Some API GET methods will accept standard query parameters, which are defined in the documentation. Optional parameters such as page size, number (when available), and file name can be submitted as query parameters. POST, PUT, and DELETE requests require additional parameters to be provided in your request body.

Several head parameters are also accepted, such as Authorization for bearer access tokens or Accept-Version to indicate the desired API version to use (default version 1):

curl -H "Authorization: Bearer QH..E5M="
     -H "Accept-Version:1"
     -X POST{item_id}?queryString={value}
     -d { params: { "key":"value" } }

Client errors#

Two typical standard errors, i.e., not 200 or 204 status responses, are returned by the API.

Bad Request#

The request payload is not properly defined or the query parameters are invalid.

    "message": "Oops... Unable to process request - Error ID: 54apnFENQxbvCr23JaIjLb"


Your access token is invalid or expired. This response may also imply that the entry point you are trying to access is not available. Check your request syntax for typos, and confirm that your access token is valid.

Status: 403 Forbidden

Rate limiting#

For all API requests, there is a limit of 20 calls per second, per access token (72000 calls per hour).

Back to top