API Authentication

Authentication process

This API uses OAuth2 Client Credentials authentication provided by AWS.

This method is designed for server-to-server communication, where no end-user is directly involved. Instead, the client application authenticates itself using a Client ID and Client Secret.

1. Obtain Client Credentials

You will be provided with:

  • Client ID
  • Client Secret

These values are generated by Involve and will uniquely identify and secure your application.

2. Request an Access Token

Send a POST request to the SQOD token endpoint:

POST https://auth.app.sqod.co.uk/oauth2/token
Content-Type: application/x-www-form-urlencoded
Authorization: Basic <base64(client_id:client_secret)>

Including the following request body:

grant_type=client_credentials

3. Receive an Access Token

A successful response looks like this:

{
  "access_token": "eyJraWQiOiJhb...",
  "expires_in": 3600,
  "token_type": "Bearer"
}
  • access_token – The token used to authorize API requests
  • expires_in – Token lifetime in seconds (3600 = 1 hour)
  • token_type – Always "Bearer"

4. Call the API with the Token

When sending a request you'll need to include the token in the Authorization header when calling the API:

Authorization: Bearer eyJraWQiOiJhb...

Example:

GET https://api.yourcompany.com/v1/resource
Authorization: Bearer eyJraWQiOiJhb...
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.