Authentication
The API adopts OAuth 2.0 with Client Credentials as its authentication mechanism, ensuring secure access to protected resources on behalf of a client application.
Although the same token can be used in multiple API calls, please be aware that these tokens have a limited duration so you need to include refresh logic in the client code, so that the token gets refreshed automatically without breaking your processing sequence.
Below is an explanation of how to obtain an access token using the Client Credentials flow, accompanied by examples.
Fetching an Access Token
-
Obtain your client credentials: Check how at Getting Access
-
Request an Access Token: To request an access token from the authorization server, initiate an HTTP POST request to the token endpoint. Include the following parameters:
grant_type: Set to"client_credentials"token_url: authentication server endpointclient_id: Your organization's client ID.client_secret: Your organization's client secret.
-
Receive the Access Token: Upon successful authentication, you'll receive an access token
cURL Example
curl -X POST \
https://your-auth-server.com/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&client_id=your_client_id&client_secret=your_client_secret'
Postman Example
-
Create a new request
-
In the Authorization tab, set type to
OAuth 2.0 -
Fill in the
Configure New Tokenform with the following values:- Grant Type: Client Credentials
- Access Token URL:
https://your-auth-server.com/token - Client ID:
your_client_id - Client secret:
your_client_secret
-
Click on the
Get New Access Tokenbutton, which will trigger a popup saying 'Authentication complete'. -
In the
Manage Access Tokenspopup, hit theUse Token -
Proceed with your request. The generated token should be valid for 5 minutes