API Authentication

Authentication process

This API uses OAuth2 Client Credentials authentication provided by AWS.

This method is designed for server-to-server communication, where no end-user is directly involved. Instead, the client application authenticates itself using a Client ID and Client Secret.

1. Obtain Client Credentials

You will be provided with:

  • Client ID
  • Client Secret

These values are generated by Involve and will uniquely identify and secure your application.

2. Request an Access Token

Send a 'POST' request to the SQOD token endpoint:

POST https://auth.app.sqod.co.uk/oauth2/token

Content-Type: application/x-www-form-urlencoded

Authorization: Basic <base64(client_id:client_secret)>

Including the following request body:

grant_type=client_credentials

3. Receive an Access Token

A successful response looks like this:

{

"access_token": "eyJraWQiOiJhb...",

"expires_in": 3600,

"token_type": "Bearer"

}
  • access_token  – The token used to authorize API requests
  • expires_in  – Token lifetime in seconds (3600 = 1 hour)
  • token_type  – Always "Bearer"  

4. Call the API with the Token

When sending a request you'll need to include the token in the 'Authorization'  header when calling the API:

Authorization: Bearer eyJraWQiOiJhb...

Example:

GET https://api.yourcompany.com/v1/resource

Authorization: Bearer eyJraWQiOiJhb...
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.