Authentication
Introduction to Authentication
In order to securely access the API endpoints, developers must authenticate their requests using OAuth 2.0. Our API uses the Client Credentials flow, a protocol designed for server-to-server interactions where a client application needs to authenticate with the API directly.
OAuth 2.0 Overview
To begin, you will be issued a Client ID and a Client Secret, which serve as your credentials. These credentials must be kept secure, as they allow your application to obtain an access token.
Generating a Bearer Token
To authenticate, you need to generate a Bearer Token by making a POST request to the following endpoint:
https://app.surveysphere.co.uk/connect/token
Request Parameters
Your request should include the following parameters:
grant_type: Set this to client_credentials.
client_id: Your issued Client ID.
client_secret: Your issued Client Secret.
Example Request
Here is an example of how to generate a Bearer Token:
POST https://app.surveysphere.co.uk/connect/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id=your_client_id&client_secret=your_client_secret
Response
A successful response will return a JSON object containing the Bearer Token:
{
"access_token": "your_generated_token",
"token_type": "Bearer",
"expires_in": 3600
}
Using the Bearer Token
Once you have obtained the Bearer Token, include it in the Authorization header of your API requests:
Authorization: Bearer your_generated_token
Bearer Token Expiry
The Bearer Token is valid for 60 minutes. After this period, you will need to generate a new token by repeating the authentication process. To ensure uninterrupted access to the API, third-party applications should implement logic to automatically renew the Bearer Token before or immediately after it expires.
This authentication mechanism ensures that only authorized applications can access the API, helping to secure the data and functionality provided by the API.
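The renewal logic described under Bearer Token Expiry could look like the following. This is an added example, not SurveySphere's own code. The names TokenCache and fetch_token, the 60-second renewal margin, the request timeout and the environment variable names are assumptions.

```python
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://app.surveysphere.co.uk/connect/token"  # endpoint from the example request


def fetch_token(client_id, client_secret):
    """POST the form-encoded Client Credentials request and return the parsed JSON."""
    form = {"grant_type": "client_credentials",
            "client_id": client_id, "client_secret": client_secret}
    req = urllib.request.Request(
        TOKEN_URL, data=urllib.parse.urlencode(form).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Holds the Bearer Token in memory and renews it shortly before it expires."""
    def __init__(self, client_id, client_secret, fetch=fetch_token,
                 clock=time.monotonic, skew=60):
        self._creds = (client_id, client_secret)
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._renew_at = None, 0.0

    def token(self, force=False):
        """Return a usable token; force=True renews now (e.g. after the API rejects it)."""
        if force or self._token is None or self._clock() >= self._renew_at:
            reply = self._fetch(*self._creds)
            if str(reply.get("token_type", "")).lower() != "bearer" or not reply.get("access_token"):
                raise ValueError("unexpected token response")  # do not log the reply body
            self._token = reply["access_token"]
            # Renew `skew` seconds early so in-flight requests never carry an expired token.
            lifetime = int(reply.get("expires_in", 0))
            self._renew_at = self._clock() + max(lifetime - self._skew, 0)
        return self._token

    def auth_header(self):
        """Header to attach to every API request."""
        return {"Authorization": "Bearer " + self.token()}


if __name__ == "__main__":
    # Credentials are read from the environment (assumed variable names), never hard-coded.
    cache = TokenCache(os.environ["SURVEYSPHERE_CLIENT_ID"], os.environ["SURVEYSPHERE_CLIENT_SECRET"])
    print(sorted(cache.auth_header()))  # prints the header name only, not the token
```

Sharing one TokenCache per process means the Client Secret is sent only once per hour rather than with every API call.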