Spotnana APIs use a Bearer token to authenticate incoming requests. The following authorization header must be included in all requests to access Spotnana APIs.
Authorization: "Bearer <YOUR_TOKEN_HERE>"Note: API calls to the /v2/auth/oauth2-token and /get-auth-token endpoints are rate limited. We recommend reusing the existing tokens until they expire.
The following steps explain how to generate an authentication token.
Contact your Spotnana account representative to obtain a unique
client_idandclient_secretcredentials.After receiving your credentials, you can generate the bearer authentication token by making a
POSTAPI request to the/v2/auth/oauth2-tokenendpoint. The request must contain theclient_id,client_secret, andgrant_type=client_credentialsin the request body.
- The old token generation endpoint
/get-auth-tokenhas been deprecated. - Existing API users who want to migrate to the new
/v2/auth/oauth2-tokenendpoint must obtain newclient_idandclient_secretcredentials from Spotnana.
The following code snippet is a sample curl request to generate a bearer token.
curl --location 'https://api.spotnana.com/v2/auth/oauth2-token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=client_id' \
--data-urlencode 'client_secret=client_secret' \
--data-urlencode 'grant_type=client_credentials'A successful response for the above curl request will contain a temporary bearer token and its expiration time displayed in seconds.
{
"access_token": "<access_token>",
"expires_in": 3600,
"token_type": "Bearer"
}
When you're working with Spotnana APIs, this bearer access_token must be included in every request as authorization header to validate the API calls. The following code snippet is a sample curl request which shows how you can include the bearer token in a request header.
curl https://api.spotnana.com/v2/companies -H "Authorization: Bearer <YOUR_TOKEN_HERE>"Note: When making an API call, if the bearer token has exceeded the expiration time limit, you will receive an error code of
401with amessagein the JSON response indicatingAccess Token Invalid. In such cases, use the/v2/auth/oauth2-tokenendpoint again to generate another unique bearer token.