Authentication

All API methods require you to authenticate yourself. We use OAuth 2 for this, with the following grant types:

  • client_credentials to authenticate clients for non-user specific tasks
  • password to authenticate users
  • refresh_token to refresh a user token once it expires

POST /oauth/v2/token

Returns an access token valid for up to an hour.

Authenticating a client

Example request for client authentication:

POST /oauth/v2/token
{
  "grant_type": "client_credentials",
  "client_id": "abc123",
  "client_secret": "456789"
}

Example response for client authentication:

{
  "access_token": "MTI1ZWFkNDBmYjOGVmMGI0YzRjMGMzZGE4MQ",
  "expires_in": 3600,
  "token_type": "bearer",
  "scope": null
}

Authenticating a user

Example request for user authentication:

POST /oauth/v2/token
{
  "grant_type": "password",
  "client_id": "abc123",
  "client_secret": "456789",
  "username": "someone@example.com",
  "password": "def56789"
}

Example response for user authentication:

{
  "access_token": "MTI1ZWFkNDBmYjOGVmMGI0YzRjMGMzZGE4MQ",
  "expires_in": 3600,
  "token_type": "bearer",
  "scope": null,
  "refresh_token": "NmI5ZGI3MzBmZjYwY2E1ZTlkYTM4MTJlMmI1Z"
}

Refreshing a user access token

Example request for refreshing a user access token:

POST /oauth/v2/token
{
  "grant_type": "refresh_token",
  "client_id": "abc123",
  "client_secret": "456789",
  "refresh_token": "NmI5ZGI3MzBmZjYwY2E1ZTlkYTM4MTJlMmI1Z"
}

Example response for refreshing a user access token:

{
  "access_token": "ZDdkODE4Y2FkMzM4ZDcxZDIxM2M0ZjE2MTE4NG",
  "expires_in": 3600,
  "token_type": "bearer",
  "scope": null,
  "refresh_token": "YWYyMzI2ZjM1ZWVjODZhM2FkMWQwMTEzMjQ5NGF"
}
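
The password and refresh_token flows above, combined into a client-side token cache. This is an added example, not code from this API's authors. The TokenManager class, the post(path, body) transport callable, the 60-second early-refresh margin and the fake transport in demo() are assumptions made for illustration; request bodies are sent in the form shown on this page.

```python
import time
TOKEN_PATH = "/oauth/v2/token"  # endpoint from the page


class TokenManager:
    """Caches a user access token; refreshes it shortly before it expires."""

    def __init__(self, post, client_id, client_secret, clock=time.monotonic, margin=60):
        self._post = post    # assumed transport: post(path, json_body) -> parsed JSON dict
        self._client = {"client_id": client_id, "client_secret": client_secret}
        self._clock, self._margin = clock, margin  # margin: assumed early-refresh window (s)
        self._access = self._refresh = None
        self._expires_at = 0.0

    def _store(self, resp):
        if str(resp.get("token_type", "")).lower() != "bearer" or not resp.get("access_token"):
            raise ValueError("unexpected token response")
        self._access = resp["access_token"]
        # The refresh response on the page carries a new refresh_token: keep the latest one.
        self._refresh = resp.get("refresh_token", self._refresh)
        self._expires_at = self._clock() + int(resp["expires_in"])

    def login(self, username, password):
        self._store(self._post(TOKEN_PATH, {"grant_type": "password", **self._client,
                                            "username": username, "password": password}))

    def token(self):
        if self._access is None:
            raise RuntimeError("call login() first")
        if self._clock() >= self._expires_at - self._margin:
            self._store(self._post(TOKEN_PATH, {"grant_type": "refresh_token", **self._client,
                                                "refresh_token": self._refresh}))
        return self._access


def demo():
    """Constructed offline run: a fake transport and a fake clock stand in for the API."""
    now, calls = [0.0], []
    def fake_post(path, body):
        calls.append(body["grant_type"])
        return {"access_token": f"access-{len(calls)}", "expires_in": 3600,
                "token_type": "bearer", "scope": None, "refresh_token": f"refresh-{len(calls)}"}
    tm = TokenManager(fake_post, "abc123", "456789", clock=lambda: now[0])
    tm.login("someone@example.com", "def56789")
    first = tm.token()          # token still fresh: no second request
    now[0] = 3550.0             # inside the 60 s margin before the 3600 s expiry
    second = tm.token()         # triggers the refresh_token grant
    return first, second, calls
```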