Authorization

Our APIs (and your licenses) are protected assets 😇.

Gaining access to our APIs is a two-step process. First you'll need a private API Key; they're free, and instructions on how to create one can be found here.

With your API Key you can request an access_token using a standard OAuth2 client_credentials grant. These access tokens are short-lived (600 seconds), so as a security best practice we strongly recommend implementing our refresh_token grant as well, instead of replaying the Client Credentials grant.

Assuming you're familiar with OAuth2 grants, everything here is very much standard. If not, we use what are called JWTs (JSON Web Tokens) for validation, baking things like scope into the claims. The important part is that you use an API Key to request a temporary access token. The access token is then sent to the endpoint with each API call using the Authorization header with the value Bearer {token}. That's it.

With your grant request, you need to include a scope (scopes determine the services and permissions available with your token). Under the covers we leverage a variety of scopes, so if you're using our Advanced API keep an eye out.

Using our standard APIs you only need the single scope index.
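The flow described above, as an added example that is not part of the original documentation: a token cache that performs one client_credentials grant with scope index, then renews through the refresh_token grant shortly before the 600-second lifetime ends. The `post_form` transport is a hypothetical callable standing in for an HTTPS POST to the token endpoint (the page does not give its URL), and presenting the API Key as `client_id`/`client_secret` is an assumption; the form and response field names are the standard OAuth2 ones.

```python
import time

class TokenManager:
    """Caches a short-lived access token and renews it with the refresh_token grant."""

    def __init__(self, post_form, credentials, scope="index", skew=30, clock=time.monotonic):
        self._post = post_form        # hypothetical: dict of form fields -> parsed JSON dict
        self._creds = credentials     # assumed: API Key sent as client_id / client_secret
        self._scope = scope
        self._skew = skew             # renew this many seconds before expiry
        self._clock = clock
        self._access = self._refresh = None
        self._expires_at = 0.0

    def _store(self, resp):
        self._access = resp["access_token"]
        # Keep the previous refresh token if the server does not rotate it.
        self._refresh = resp.get("refresh_token", self._refresh)
        self._expires_at = self._clock() + resp.get("expires_in", 600)

    def token(self):
        if self._access and self._clock() < self._expires_at - self._skew:
            return self._access       # cached token is still valid
        if self._refresh:
            try:
                self._store(self._post({"grant_type": "refresh_token",
                                        "refresh_token": self._refresh, **self._creds}))
                return self._access
            except Exception:
                self._refresh = None  # refresh rejected: fall back to a full grant
        self._store(self._post({"grant_type": "client_credentials",
                                "scope": self._scope, **self._creds}))
        return self._access

    def auth_header(self):
        return {"Authorization": f"Bearer {self.token()}"}

if __name__ == "__main__":
    # Constructed stand-in for the token endpoint so the example runs offline.
    def fake_endpoint(form):
        return {"access_token": "demo-" + form["grant_type"],
                "refresh_token": "demo-rt", "expires_in": 600}

    tm = TokenManager(fake_endpoint, {"client_id": "demo", "client_secret": "demo"})
    print(tm.auth_header())
```

Keep the credentials and the refresh token out of logs and source control; only the access token should ever travel to the API endpoints.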

If you're still a bit confused, follow the link below to just try it out. The best way to learn is by doing.


What’s Next

Now go get yourself a token!