How to authenticate API calls

This section explains how to authenticate your API calls.

The following topics are covered:

  • Authentication using OAuth 2.
  • What is an access token?
  • How to get an access token.
  • How to include an access token in a call.

Authentication using OAuth 2

API calls that you make are authenticated using OAuth 2. OAuth 2 is an open standard for authorisation. It relies on the use of access tokens rather than credentials (such as a username and password). One of the benefits of OAuth 2 is that you do not need to transmit user credentials over the wire when making calls. Instead, the OAuth process provides you with an access token that you send with your API calls. The access token is used for authentication purposes.

What is an access token?

An access token is a credential that you use when making API calls. It is a unique string of numbers and letters that you include with your API calls to validate that you have permission to access the API. Your access token is private and must be kept confidential.

How to get an access token

You must raise a support ticket to request an access token.

How to include an access token in a call

You must include your token in the call's HTTP authorization header as a bearer credential.

Example Header with an Access Token
curl -H "Authorization: Bearer d567fde24865df35defff57862dw2r42"