How to authenticate with Config API

A basic example of how to get authenticated with the Config API

The following steps will guide you through authenticating to our Config API:

  1. Make a POST request to /sessions with your credentials
    const sessionsEndPoint = "";
    const credentials = {
        "email": "",
        "password": "password123"
    };
    // POST the credentials (sent here as a JSON body, which is an assumption)
    fetch(sessionsEndPoint, {
        method: "POST",
        headers: { "Content-Type": "application/json" },
        body: JSON.stringify(credentials)
    }).then(response => response.json()).then(response => {
        // The response will return an object with the following structure:
        // {
        //     "status": "success",
        //     "idToken": "string",
        //     "accessToken": "string",
        //     "refreshToken": "string"
        // }
        // Attach the returned "accessToken" in the header of any subsequent call to the API
        const { accessToken } = response;
    });
  2. Attach the returned accessToken as Authorization: Bearer <token> in the HTTP header of any subsequent call to the API

Expiry time of the Tokens

accessToken: An Access Token is a credential that can be used by an application to access the Configuration API. It is active for 1 hour.

refreshToken: The Refresh Token is a special token that can be used to obtain a renewed accessToken. It is active for 60 days.

Best Practices on using the Session API

  1. Have a fail/retry strategy for using the access token – if it expires, catch the failure, reauthenticate to get a new access token and try again.
  2. The refresh token can be used, but for an m2m integration, it’s less important (the email/password can be used instead). The refresh token is typically used by less secure clients such as browsers.
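
One way to implement the fail/retry strategy from the first best practice, as an added example that is not code from the original page or from the API's vendor. It assumes a JSON request body and that an expired access token is rejected with HTTP 401; `ConfigApiClient` and `fetchImpl` are hypothetical names.

```javascript
// Added example: cache the access token, re-authenticate on expiry, retry once.
// Assumptions (not from the page): JSON request body, HTTP 401 for an expired
// token. ConfigApiClient and fetchImpl are hypothetical names.
class ConfigApiClient {
  constructor(sessionsEndPoint, credentials, fetchImpl = (...a) => fetch(...a)) {
    this.sessionsEndPoint = sessionsEndPoint;
    this.credentials = credentials; // load from a secret store, not source code
    this.fetchImpl = fetchImpl;     // injectable so the logic can be tested offline
    this.accessToken = null;
    this.loginInFlight = null;      // shared promise: parallel callers log in once
  }

  // POST the credentials to /sessions and cache the returned accessToken.
  login() {
    if (!this.loginInFlight) {
      this.loginInFlight = (async () => {
        const res = await this.fetchImpl(this.sessionsEndPoint, {
          method: "POST",
          headers: { "Content-Type": "application/json" },
          body: JSON.stringify(this.credentials),
        });
        if (!res.ok) throw new Error(`authentication failed (HTTP ${res.status})`);
        const body = await res.json();
        if (body.status !== "success" || !body.accessToken) {
          throw new Error("authentication response carried no accessToken");
        }
        this.accessToken = body.accessToken;
      })().finally(() => { this.loginInFlight = null; });
    }
    return this.loginInFlight;
  }

  // Call the API with the Bearer token. On 401, re-authenticate and retry
  // exactly once: a second 401 is returned to the caller instead of looping,
  // so rejected credentials are not replayed against /sessions indefinitely.
  async request(url, options = {}) {
    if (!this.accessToken) await this.login();
    for (let attempt = 0; ; attempt++) {
      const headers = { ...options.headers, Authorization: `Bearer ${this.accessToken}` };
      const res = await this.fetchImpl(url, { ...options, headers });
      if (res.status !== 401 || attempt === 1) return res;
      this.accessToken = null; // drop the expired token before logging in again
      await this.login();
    }
  }
}
```
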
Created by Melwin Chiramel on October 18, 2019