Authentication

Spotnana APIs use a Bearer token to authenticate incoming requests. The following authorization header must be included in all requests to access Spotnana APIs.

Authorization: "Bearer <YOUR_TOKEN_HERE>"

Generating an authentication token

Spotnana partners can generate the bearer authentication token by sending a POST request to the /v2/auth/oauth2-token API endpoint. The request must contain the clientId, clientSecret, and grant_type=client_credentials in the request body. Contact your Spotnana account representative to obtain the clientId and clientSecret credentials. The following code snippet is a sample curl request to generate a bearer token.

curl --location 'https://api.spotnana.com/v2/auth/oauth2-token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=client_id' \
--data-urlencode 'client_secret=client_secret' \
--data-urlencode 'grant_type=client_credentials'

The old token generation endpoint /get-auth-token has been deprecated. Use the /v2/auth/oauth2-token endpoint to generate the bearer token as mentioned above.

A successful response for the above curl request will contain a temporary bearer token and its expiration time displayed in seconds.


{
  "access_token": "<access_token>",
  "expires_in": 3600,
  "token_type": "Bearer"
}

When you're working with Spotnana APIs, this bearer access_token must be included in every request as authorization header to validate the API calls. The following code snippet is a sample curl request which shows how you can include the bearer token in a request header.

curl https://api.spotnana.com/v2/companies -H "Authorization: Bearer <YOUR_TOKEN_HERE>"

Note: When making an API call, if the bearer token has exceeded the expiration time limit, you will receive an error code of 401 with a message in the JSON response indicating Access Token Invalid. In such cases, use the /v2/auth/oauth2-token endpoint again to generate another unique bearer token.