References¶

Retrieving an auth token¶

Exchange your Client ID and Client Secret for a JWT access token.

POST /oauth2/token

Request¶

Headers¶

Header	Value	Description
Authorization	Basic `<credentials>`	Base64-encoded `clientId:clientSecret`
Content-Type	application/x-www-form-urlencoded	Required

URL Parameters¶

Parameter	Type	Description	Required
grant_type	String	Must always be `client_credentials`	Yes

Sample Request¶

POST /oauth2/token?grant_type=client_credentials

Response¶

Field	Type	Description
access_token	String	The JWT token to use in the `Authorization` header for all API calls.
token_type	String	Always `Bearer`.
expires_in	Integer	Token validity duration in seconds. Currently `3600` (1 hour).

Sample Response¶

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6...",
  "token_type": "Bearer",
  "expires_in": 3600
}

Error Responses¶

HTTP 401 - Unauthorized¶

Returned when the Client ID or Client Secret is invalid or the credentials are not correctly Base64-encoded.

{
  "error": "invalid_client"
}

Tip

Tokens are valid for 3600 seconds (1 hour). Cache the token and reuse it for subsequent requests. Request a new token only when you receive an HTTP 401 response from the API, or proactively before the expires_in duration elapses.