Overview
The API uses OAuth 2.0 for authentication with JWT tokens. We support multiple authentication flows:
- Authorization Code Flow - For web applications with users
- Client Credentials Flow - For machine-to-machine API access
Getting Started
1. Obtain API Credentials
Log in to the platform and navigate to the API Settings section to:
- Register your application
- Get your Client ID and Client Secret
- Configure your OAuth redirect URLs
2. Choose Authentication Flow
For Web Applications (Authorization Code Flow)
Best for apps where a user is present:
- Direct users to our authorization endpoint
- Exchange the authorization code for tokens
- Use the access token to make API requests
- Refresh tokens when needed
For Machine-to-Machine APIs (Client Credentials Flow)
Simplified flow for server-side applications:
- Get an access token directly using client credentials
- Use the access token to make API requests
3. Making Authenticated Requests
Include the access token in all API requests:
Security Best Practices
- Store client secrets securely
- Use HTTPS for all API requests
- Implement proper token validation
- Rotate refresh tokens (handled automatically)
- Request only necessary scopes
- Validate token expiration