API authentication guide

To work with our API, you must first obtain a JWT (JSON Web Token) by authenticating with the /api/v1/authenticate endpoint. The JWT is required for all API requests, regardless of whether they involve user-specific actions.

Requesting a JWT token

To request a token, send a POST request to the /api/v1/authenticate endpoint with your API client credentials.

Once authenticated, the server will return:

  • Authorization token: A token that must be included in the header of each request.
  • Refresh token: A token used to request a new authorization token when the current one expires.

Example header with the authorization token:

Authorization: Bearer {token}

Token expiry

Tokens are valid for 1 hour. If the token expires, you will receive a 400 Bad Request error in response to any API request, accompanied by the JSON payload below:

{
    "errors": {
        "ER801": {
            "code": "ER801",
            "message": "Authorization token has expired.",
            "solution": "Request a new authorization token."
        }
    }
}

To prevent this, you can refresh your token before it expires by using the refresh token.

Refreshing the token

To refresh the token, send a POST request to the /api/v1/refresh endpoint along with the refresh token you received during authentication.

This will return a new authorization token, which is valid for another hour. The refresh token itself is valid for 1 month but will be reset when a new token is generated.
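The expiry and refresh rules above, as an added client-side sketch (not BTC Direct's own code): it refreshes shortly before the one-hour lifetime ends and treats only a 400 response carrying ER801 as an expired token. The names `TokenSession`, `refresh_fn`, `send` and the 5-minute margin are assumptions; `refresh_fn` stands in for your own call to /api/v1/refresh, whose request and response format is not shown on this page.

```python
import json
import time

TOKEN_LIFETIME = 3600  # seconds; the page states tokens are valid for 1 hour
REFRESH_MARGIN = 300   # assumption: refresh 5 minutes before expiry


def is_expired_token_error(status, body):
    """True only for the 400 response whose JSON "errors" object has ER801."""
    if status != 400:
        return False
    try:
        errors = json.loads(body).get("errors")
    except (ValueError, TypeError, AttributeError):
        return False  # not JSON, or not a JSON object
    return isinstance(errors, dict) and "ER801" in errors


class TokenSession:
    """Holds the token pair; refresh_fn is a hypothetical caller-supplied
    callable that POSTs to /api/v1/refresh and returns
    (authorization_token, refresh_token)."""

    def __init__(self, token, refresh_token, refresh_fn, clock=time.monotonic):
        self.token, self.refresh_token = token, refresh_token
        self.refresh_fn, self.clock = refresh_fn, clock
        self.issued_at = clock()

    def headers(self):
        return {"Authorization": f"Bearer {self.token}"}

    def needs_refresh(self):
        return self.clock() - self.issued_at >= TOKEN_LIFETIME - REFRESH_MARGIN

    def refresh(self):
        self.token, self.refresh_token = self.refresh_fn(self.refresh_token)
        self.issued_at = self.clock()

    def request(self, send):
        """send(headers) -> (status, body). Refreshes early, and retries
        exactly once if the server still answers with ER801."""
        if self.needs_refresh():
            self.refresh()
        status, body = send(self.headers())
        if is_expired_token_error(status, body):
            self.refresh()
            status, body = send(self.headers())
        return status, body
```

Because expiry is reported as a 400 rather than a dedicated status code, the check keys on the ER801 entry so that other 400 errors do not trigger a refresh; the single retry keeps a rejected refresh token from causing a request loop.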

Made with ❤ by BTC Direct