Authentication¶
Tip
This tutorial will help you call your API using the Client Credentials Flow, where your Client ID and Client Secret are exchanged for a token, which is then used to authorize requests.
In order to make an authenticated call to the API, you must include your access token with the call. OAuth2 uses a BEARER token that is passed along in an Authorization header with each request.
Prerequisites¶
Before beginning this tutorial:
- Have a Wyzed Account
- Install the Wyzed API integration
- Have your Client ID, Client Secret and Base URL on hand
Steps¶
- Request a Token: Request an Access Token for your API.
- Call your API: Use the retrieved Access Token to call your API.
Request a Token¶
To access your API, you must request an Access Token for it. To do so, you will need to POST to the token URL.
We'll be using the Client Credentials flow, where your Client ID and Client Secret are exchanged for a token. That token is then used to authorize requests.
Example POST to token URL¶
1 2 3 4 5 6 7 | |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | |
Parameters¶
| Parameter Name | Description |
|---|---|
grant_type |
Set this to "client_credentials". |
client_id |
Your integration's Client ID. You receive this value when installing the Wyzed API integration. |
client_secret |
Your integration's Client Secret. You receive this value when installing the Wyzed API integration. |
Response¶
If all goes well, you'll receive an HTTP 200 response with a payload containing access_token, token_type, and expires_in values:
1 2 3 4 5 6 | |
Call your API¶
To call your API the application must pass the retrieved Access Token as a Bearer token in the Authorization header of your HTTP request.
This example sends a request to the /oauth/me endpoint.
1 2 3 4 5 | |
1 2 3 4 5 6 7 8 9 10 11 12 13 | |