Authentication

In order to use the API, the user must first be authenticated. The API uses a JWT access token for authentication. This access token must be provided to the API with every request as an Authorization header.

Getting a valid access token

A valid token can be obtained by making a POST call to the Authentication Token Service.
To get a valid access token from the endpoint, the user needs to pass a grantType in the request body. This determines the type of authentication. There are two ways to authenticate:

User Credentials

To retrieve an access token for the first time, grantType must be set to resource_owner_credentials. This means the user needs to pass a username (their email) and a password in the request.

Sample request body:

{
    "grantType": "resource_owner_credentials",
    "username": "YOUR_USERNAME",
    "password": "YOUR_PASSWORD"
}

Sample response:

{
    "accessToken": "NEW_ACCESS_TOKEN",
    "refreshToken": "NEW_REFRESH_TOKEN",
    "tokenType": "Bearer"
}

Refresh Token

A refresh token is valid for 24 hours and can be used to obtain new access tokens when the current one expires. The user needs to make another call to the endpoint with grantType refresh_token and pass the refresh token returned from the previous request. Any request made to the endpoint with grantType refresh_token will not return a new refresh token.

Sample request body:

{
    "grantType": "refresh_token", 
    "refreshToken": "YOUR_REFRESH_TOKEN"
}

Sample response:

{
    "accessToken": "NEW_ACCESS_TOKEN", 
    "refreshToken": null,
    "tokenType": "Bearer"
}
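
The two grant types combine into one client-side token lifecycle. The sketch below is an added example, not code from this API's documentation or vendor. It keeps the original refresh token when the refresh grant returns null and falls back to credentials once the 24 hours have passed. Assumptions: `TokenManager`, `post` and `make_fake_service` are hypothetical names, the 24 hours are counted from when the refresh token was issued, and the header value has the form "Bearer <accessToken>".

```python
import time

REFRESH_TTL = 24 * 3600  # refresh token lifetime stated above, in seconds

class TokenManager:
    """Holds the token pair. `post` is a hypothetical callable that sends a
    JSON body to the token endpoint and returns the parsed JSON response."""

    def __init__(self, post, username, password, clock=time.time):
        self._post, self._clock = post, clock
        self._creds = (username, password)
        self.access_token = self.refresh_token = None
        self._refresh_issued = 0.0

    def login(self):
        resp = self._post({"grantType": "resource_owner_credentials",
                           "username": self._creds[0],
                           "password": self._creds[1]})
        self.access_token = resp["accessToken"]
        self.refresh_token = resp["refreshToken"]
        self._refresh_issued = self._clock()

    def renew(self):
        """Call when the API rejects the access token as expired."""
        age = self._clock() - self._refresh_issued
        if self.refresh_token is None or age >= REFRESH_TTL:
            return self.login()  # refresh token unusable: re-authenticate
        resp = self._post({"grantType": "refresh_token",
                           "refreshToken": self.refresh_token})
        self.access_token = resp["accessToken"]
        # This grant returns "refreshToken": null, so keep the stored token.
        # Assumption: its 24 hours still run from the original issue time.

    def auth_header(self):
        if self.access_token is None:
            self.login()
        # Assumption: the header value is "Bearer <accessToken>".
        return {"Authorization": "Bearer " + self.access_token}

def make_fake_service(calls):
    """Constructed stand-in for the token endpoint; records each grantType."""
    def post(body):
        calls.append(body["grantType"])
        n = len(calls)
        refresh = None if body["grantType"] == "refresh_token" else f"refresh-{n}"
        return {"accessToken": f"access-{n}", "refreshToken": refresh,
                "tokenType": "Bearer"}
    return post
```

In a real client, `post` would wrap an HTTPS POST to the token endpoint, and both tokens would be held in memory or a secret store rather than written to logs.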