Comment on page

Basics of authentication

Learn about the basics of authentication in Supervisely
The easiest and best way to authenticate with the Supervisely API is by using Basic Authentication via a personal access token.
You need only two environment variables:
  1. 1.
    SERVER_ADDRESS - address of your Supervisely instance
  2. 2.
    API_TOKEN - your personal access token
Video tutorial - basics of authentication for python developers
You can try examples shown in the video for yourself: find the repository with the scripts on GitHub.


If you are using 🌎 Community Edition 🌎your server address is
If you are using 🔐 Enterprise Edition** ** 🔐 you have your own instance address. You can copy the URL address from the browser or contact instance admin. For example on my private instance the address is the following:
My private instance of Supervisely
In the example above the server address is


Every basic account has its own personal access token in account settings:
  1. 1.
    Find Account Settings under your name in the right top corner.
  2. 2.
    Go to API Token tab.
  3. 3.
    Press copy button.
API token in account settings
You can revoke your current token and generate the new one at any time by clicking re-generate api key button.

How to use in Python

To communicate with the Supervisely platform, you first need to instantiate a client. The easiest way to do that is by calling the function from_env() or pass values of environment variables in the constructor.
It is the default practice to store your secrets as environment variables and keep them safe in .env files for local development.
  1. 1.
    Create .env file (recommended: ~/supervisely.env) with the following content:
2. Use it the following way
import os
from dotenv import load_dotenv
import supervisely as sly
if sly.is_development():
api = sly.Api.from_env()
import supervisely as sly
api = sly.Api(server_address="", token="4r47N...xaTatb")
We do not recommend using this way in production. It is the fastest way, but remember, it is not safe to store the secrets right in your sources. Avoid (accidentally) committing (exposing) your private keys, passwords or other sensitive details (by hard-coding in them in your script) to git by storing them as environment variables.