Authentication
Authentication is performed via the JSON Web Tokens standard. A JWT must be sent as a standard Authorization Bearer token on each request. Obtaining a token requires having API credentials.
Creating API Credentials
Integrators provision and rotate API credentials in the Integration Dashboard through a GoTab Sandbox Account. If you are not already a GoTab API User or do not have a sandbox account please contact [email protected]. Review API Credential Creation for more information.
The two credentials provided are an api_access_id
and api_access_secret
.
Requesting an Access Token
The API credentials api_access_id
and api_access_secret
need to be included in the request body and response body will return a token
and refreshToken
.
curl --request POST \
--url https://gotab.io/api/oauth/token \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '
{
"api_access_id": "string",
"api_access_secret": "string"
}
'
{
"tokenType": "Bearer",
"token": "",
"initiated": 1659020513,
"expires": 1659106913,
"expiresIn": 86400,
"refreshToken": ""
}
The token
is short lived and will expire after 24 hours. It is recommended to refresh your token before 24 hours has elapsed to avoid disruptions. The refresh token does not expire but you will be required to generate a new auth and refresh token if they are revoked.
Refresh Token Errors
An auth token may be revoked at any time so it is also recommended to gracefully handle token expiration errors.
- When a token is expired or has been revoked a 401 error is returned and the request can be retried.
- When a token is invalid a 403 error is returned and you should not retry the request without modifying the data.
Updated 7 months ago