Authentication Flow

How to authenticate with our API.

Our API is secured by OAuth 2.0, which is the de facto standard for access delegation. This section describes how to authenticate with our platform by getting an access token that will allow you to perform actions using our API.

This document provides a high-level overview of the process for using the authorization code grant type and the API calls used to interact with our platform. If you would like to use our API, please contact us at [email protected] and we will issue you a client_id and client_secret.

If you are unfamiliar with the OAuth 2.0 standard and how it works, you can refer to the OAuth2 client credentials flow.

Getting an Access Token

The client_credentials grant type is OAuth's recommended method for obtaining access tokens for machine-to-machine authorization. Since there is no end-user involvement, it allows a partner to request an Access Token directly using its client_id and client_secret. Do not share these credentials.


Step 1 - Request an Access Token

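# The unquoted heredoc lets the shell expand ${CLIENT_ID} and ${CLIENT_SECRET};
# --data @- reads the body from stdin, keeping the secret out of the argument list.
curl --request POST \
  --url "$BASE_URL/oauth/token" \
  --header 'Accept: application/json; version=1.0.0' \
  --header 'Content-Type: application/json' \
  --data @- <<EOF
{
  "client_id": "${CLIENT_ID}",
  "client_secret": "${CLIENT_SECRET}",
  "grant_type": "client_credentials"
}
EOF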

With a valid request you will receive the following response:

{
  "accessToken": "<$ACCESS_TOKEN>",
  "expiresIn": 86400,
  "tokenType": "bearer"
}

Step 2 - Using your Access Token

Once you've obtained an Access Token, you can start making authenticated API requests. To do this, include an "Authorization" header with a Bearer token in each request to the API.

Here is a sample HTTP request with the header that carries the token:

curl --request GET \
  --url "$BASE_URL/model-portfolios" \
  --header 'Accept: application/json; version=1.0.0' \
  --header "Authorization: Bearer ${ACCESS_TOKEN}"

Step 3 - Handling an Expired Token

Our access tokens are valid for 24 hours, after which the token expires. Your application MUST request a new access token, as described in Step 1 - Request an Access Token, in order to continue to be authorized.

After the authorization server grants a new token to your application you can continue to use our API endpoints.
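
The token lifecycle from Steps 1 to 3, as an added example that is not part of the platform's own code: it caches the token and repeats Step 1 shortly before the expiresIn lifetime runs out. TokenCache, fetch_token, the 60-second margin and the 10-second timeout are assumptions made for illustration; the request and response fields are those shown in Step 1.

```python
import json
import time
import urllib.request


def fetch_token(base_url, client_id, client_secret):
    """Send the Step 1 request and return the parsed JSON response."""
    body = json.dumps({"client_id": client_id, "client_secret": client_secret,
                       "grant_type": "client_credentials"}).encode()
    req = urllib.request.Request(
        f"{base_url}/oauth/token", data=body, method="POST",
        headers={"Accept": "application/json; version=1.0.0",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hypothetical helper: caches the token and renews it before it expires."""

    def __init__(self, fetch, clock=time.monotonic, margin=60):
        self._fetch, self._clock, self._margin = fetch, clock, margin
        self._token, self._expires_at = None, 0.0

    def get(self):
        # Renew when nothing is cached or expiry is less than `margin` seconds away.
        if self._token is None or self._clock() >= self._expires_at - self._margin:
            requested_at = self._clock()  # lifetime is counted from before the request
            resp = self._fetch()
            if str(resp.get("tokenType", "")).lower() != "bearer" or not resp.get("accessToken"):
                raise ValueError("unexpected token response")  # do not log resp
            self._expires_at = requested_at + int(resp["expiresIn"])
            self._token = resp["accessToken"]
        return self._token

    def invalidate(self):
        """Call when the API rejects the token, so the next get() repeats Step 1."""
        self._token = None

    def auth_header(self):
        return {"Authorization": f"Bearer {self.get()}"}


if __name__ == "__main__":  # constructed offline demo: fake clock and endpoint
    now, issued = [0.0], iter(["tok-1", "tok-2"])
    cache = TokenCache(lambda: {"accessToken": next(issued), "expiresIn": 86400,
                                "tokenType": "bearer"}, clock=lambda: now[0])
    print(cache.get())          # first call performs Step 1
    now[0] = 86400 - 30         # inside the 60-second margin
    print(cache.auth_header())  # renewed before the old token lapses
```

Against the real endpoint, pass `lambda: fetch_token(base_url, client_id, client_secret)` as `fetch`, with the credentials read from the environment or a secret store rather than from source code.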