Generate a user token to authenticate with the API
To generate a token for API calls, follow these steps on our Swagger page or from an external application or script:
To begin, you must determine the specific Swagger page that you need to connect to US, UK, EU or AU
To begin utilizing the appropriate Swagger page, navigate to the Users section by scrolling down.
You will use the /api/Users/authenticate post. You can click Try it out.
If MFA is enabled, run the call ResendMfaCode first !
The call can be edited. Be sure to replace the username and password strings with your actual username, password, and MFA code, if applicable.
"userName": "replace",
"password": "replace",
"oneTimePasscode": "replace"
Once you have the strings that need to be replaced with your username, password, and MFA code, click the blue bar labeled Execute. If the process is successful, it will display the curl command, the request URL, the response body, and the response header.
Now the information you need from here will come from the response body. You only need to data between the quotation marks after the semicolon.
For example the response body provided is: "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dzLzIwMDgvMDYvaWRlbnRpdHkvY2xhaW1zL3JvbGUiOiJyZWFkZXIiLCJVc2VySWQiOiIxNDQiLCJVc2VyTmFtZSI6Ik1hdHRoZXdDU1RocnUiLCJGaXJzdE5hbWUiOiJNYXR0aGV3IiwiTGFzdE5hbWUiOiJMb2ZsaW4iLCJUZW5hbnRJZCI6IjY1IiwiY3R4IjoiNTk5NiIsIlByaXZpbGVnZUNvZGVzIjoiMTAwLDEwOSwxMTAsMTEzIiwiQ3VzdG9tZXJOYW1lIjoiQ1MgVGhydSAiLCJDdXN0b21lclN5c3RlbUNvZGUiOiJDVVZORkciLCJPcmdJZHMiOiIiLCJQZXJtaXNzaW9uQ29kZXMiOiIxMDAwLDYwMTEiLCJUcnVzdGVkRGV2aWNlRXhwaXJlcyI6IjE2Nzg4MjM5NDQiLCJleHAiOjE2Nzg5MTAzNDQsImlzcyI6Imh0dHBzOi8vaWRtLnRocnVpbmMuY29tOjQwMDk5IiwiYXVkIjoiaWRtLnRocnVpbmMuY29tIn0.Rdia1AXVhxPu0blIlyctZI0lcNVmPSdRsi6PjY3BjdMIvVDLmDm9SD2kDLUJ3LNGu2Cy5jwrEdIvDc6tsPLEiyWWcMhaeCaN9vwxsY0dsJ1kPWtBMDQMGqpeVA9iuSbxxcMGGuJk7hpmZxzQc5naZ4LB9Xcvb_bGBqs4XJFaUzrqKj4FecVR6PH-pwlACESkcA9ew5U8uYyaLNNL-Bn265JVsioxIC5btAHkwc2adivkJf4G8GOx4stC_elC3FseSJ8eo7EgKcLXfe2klKbi0goEm1kpJ2s8DjjmtyG5pE8P9Vsb_Pj2FmURqnFYyJO_2wlSMxCTrYZ96l71lu--ww"
However an example of the information you need will start with the e and end at the w, this is shown below.
The information you will take from the response body is:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dzLzIwMDgvMDYvaWRlbnRpdHkvY2xhaW1zL3JvbGUiOiJyZWFkZXIiLCJVc2VySWQiOiIxNDQiLCJVc2VyTmFtZSI6Ik1hdHRoZXdDU1RocnUiLCJGaXJzdE5hbWUiOiJNYXR0aGV3IiwiTGFzdE5hbWUiOiJMb2ZsaW4iLCJUZW5hbnRJZCI6IjY1IiwiY3R4IjoiNTk5NiIsIlByaXZpbGVnZUNvZGVzIjoiMTAwLDEwOSwxMTAsMTEzIiwiQ3VzdG9tZXJOYW1lIjoiQ1MgVGhydSAiLCJDdXN0b21lclN5c3RlbUNvZGUiOiJDVVZORkciLCJPcmdJZHMiOiIiLCJQZXJtaXNzaW9uQ29kZXMiOiIxMDAwLDYwMTEiLCJUcnVzdGVkRGV2aWNlRXhwaXJlcyI6IjE2Nzg4MjM5NDQiLCJleHAiOjE2Nzg5MTAzNDQsImlzcyI6Imh0dHBzOi8vaWRtLnRocnVpbmMuY29tOjQwMDk5IiwiYXVkIjoiaWRtLnRocnVpbmMuY29tIn0.Rdia1AXVhxPu0blIlyctZI0lcNVmPSdRsi6PjY3BjdMIvVDLmDm9SD2kDLUJ3LNGu2Cy5jwrEdIvDc6tsPLEiyWWcMhaeCaN9vwxsY0dsJ1kPWtBMDQMGqpeVA9iuSbxxcMGGuJk7hpmZxzQc5naZ4LB9Xcvb_bGBqs4XJFaUzrqKj4FecVR6PH-pwlACESkcA9ew5U8uYyaLNNL-Bn265JVsioxIC5btAHkwc2adivkJf4G8GOx4stC_elC3FseSJ8eo7EgKcLXfe2klKbi0goEm1kpJ2s8DjjmtyG5pE8P9Vsb_Pj2FmURqnFYyJO_2wlSMxCTrYZ96l71lu--ww
Once you have copied this information, return to the top of the page and click on the green Authorize button.
You will need to paste your data into the value box. After pasting, click the green Authorize button. If the process is successful, you will see a confirmation message.
Now you are prepared to execute example API calls.
Additionally, the bearer token is designed to expire after approximately 10 to 15 minutes as a security measure.
To maintain access, you can use the refresh token obtained from the authentication request. By passing this refresh token into the refresh access token call, you will reset the expiration timer. If you do not do this, you will need to repeat the entire authentication process or resort to using an API key.
