Authenticate
In order to make requests to the API you need to send an access token that is used to authenticate the request.
Request an access token
Before using the API you need an API key and secret. You can create these in the admin portal. Make sure you store these and make them available to your code in a secure way, through an environment variable or other secure mechanism. Do not commit them into a source control repository.
To use the API, your request must include a valid Access Token. To request an access token, make a Get Access Token request with the API key and secret in a JSON request body:
POST https://api.aluma.io/oauth/token
{
"client_id": "<API_KEY>",
"client_secret": "<API_SECRET>"
}
A successful request will return a 200 OK
response containing the access token and the number of seconds from now until its expiry time:
{
"access_token": "<MY_ACCESS_TOKEN>",
"expires_in": 86400
}
Your code should should make a request for a new access token a minute or two before each token's expiry.
Use the token to authenticate requests
With every subsequent request to the API specify an Authorization
header that includes the access token. The format for the header value is Bearer <ACCESS_TOKEN>
. If your header is missing or badly formatted, the access token is invalid, or your access token has expired you will receive a 401 Unauthorized
response from the API.
Updated 8 months ago