To access our API services, you need a valid security pass.
There are three ways to obtain a security pass:
Call the login endpoint to authenticate and receive both an access token and a refresh token. Use the access token as your security pass, and use the refresh token to renew the access token before it expires. Ideal for app implementations that require client-side login authentication.
A persistent token has a longer expiry period than a regular access token. However, it must be obtained from an authorized user through the admin portal. The issuing user can revoke this token at any time. This option is ideal for data exchange between two servers where login authentication is not practical. It must be accompanied by a whitelisted server IP address to enforce additional security.
An API key functions similarly to a persistent token — it has a longer expiry period but is typically shorter in length (16 to 32 characters). This option is ideal for devices with header size limitations.
Each API request must include the Authorization header with the BEARER keyword.
Example: Authorization: BEARER eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJhdWQiOiIw ...
If you are using an API key, do not include the Bearer keyword in the Authorization header.
Example: Authorization: CNV004L45K5PMZ15ZSQZDA78EJ5CIV0G
For more info on client authentication, download the following documentation:
Download