Authentication
Spotnana APIs use a Bearer token to authenticate incoming requests. The following authorization header must be included in all requests to access Spotnana APIs.
Authorization: "Bearer <YOUR_TOKEN_HERE>"
Generating an authentication token
The following steps explain how to generate an authentication token.
Contact your Spotnana account representative to obtain a unique
client_id
andclient_secret
credentials.After receiving your credentials, you can generate the bearer authentication token by making a
POST
API request to the/v2/auth/oauth2-token
endpoint. The request must contain theclient_id
,client_secret
, andgrant_type=client_credentials
in the request body.
- The old token generation endpoint
/get-auth-token
has been deprecated. - Existing API users who want to migrate to the new
/v2/auth/oauth2-token
endpoint must obtain newclient_id
andclient_secret
credentials from Spotnana.
Sample request and response
The following code snippet is a sample curl
request to generate a bearer token.
curl --location 'https://api.spotnana.com/v2/auth/oauth2-token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=client_id' \
--data-urlencode 'client_secret=client_secret' \
--data-urlencode 'grant_type=client_credentials'
A successful response for the above curl
request will contain a temporary bearer token and its expiration time displayed in seconds.
{
"access_token": "<access_token>",
"expires_in": 3600,
"token_type": "Bearer"
}
When you're working with Spotnana APIs, this bearer access_token
must be included in every request as authorization header to validate the API calls. The following code snippet is a sample curl
request which shows how you can include the bearer token in a request header.
curl https://api.spotnana.com/v2/companies -H "Authorization: Bearer <YOUR_TOKEN_HERE>"
Note: When making an API call, if the bearer token has exceeded the expiration time limit, you will receive an error code of
401
with amessage
in the JSON response indicatingAccess Token Invalid
. In such cases, use the/v2/auth/oauth2-token
endpoint again to generate another unique bearer token.