View Categories

Authentication

3 min read

You can use the OAuth 2.0 Client Credentials flow to authenticate with the Cyclr API.

There are certain values you need to use in order to make calls to the Cyclr API:

  • API domain {CyclrAPIDomain}
  • Access token {access_token}
  • Account API ID {API_ID}
  • Client ID and Client Secret {client_id}{client_secret}
  • Service domain {YourServiceDomain}

API Domain #

The API domain you use to make calls to Cyclr’s API depends on where your Cyclr Console is hosted.

See here for details on how to identify the domain.

Note: Replace {CyclrAPIDomain} in the example calls below with the correct API domain for your Cyclr Partner Console’s location.

Access Token #

All calls to the Cyclr must provide the access token in the Authorize HTTP request header:

Authorization: Bearer {access_token}

Tokens expire after 14 days, so remember to generate a new one when necessary.

Request #

Once you have a Client ID and Client Secret, you can call the Cyclr API OAuth token endpoint to generate an access token.

POST https://{CyclrAPIDomain}/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id={client_id}&client_secret={client_secret}

Parameters

These are passed in the Request Body:

ParameterDescription
grant_typeUse client_credentials to identify the OAuth flow.
client_idEnter the Client ID to identify which Cyclr Partner the token is for.
client_secretEnter the matching Client Secret for the Cyclr Partner.

Example Response #

{
    "token_type": "bearer",
    "access_token": "************",
    "expires_in": 1209599,
    "clientId": "************"
}

Response parameters

ParameterDescription
token_typeThe type of token is always bearer.
access_tokenThe token you can then use to make requests to the Cyclr API.
expires_inThe amount of time in seconds until the access token expires (14 days).
clientIdThe Client ID you provided when you made the request.

Account API ID #

For calls to Cyclr API endpoints that relate to an account, you need to provide the account’s API ID as an HTTP header in the request:

X-Cyclr-Account: {API_ID}

To view an account’s API ID in your Cyclr console, go to Accounts > Account Management and select the Settings icon for the account you want to work with.

Account restricted access tokens #

You can restrict access tokens to only work for a specific account if you include the API ID in the scope when you make the access token request:

POST https://{CyclrAPIDomain}/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id=abcdefg&client_secret=abcdefghij123&scope=account:{API_ID}

Client ID and Client Secret #

To generate a Client ID and Client Secret from your Cyclr console:

  1. Go to Settings > OAuth Client Credentials.
  2. Select Generate Credentials.
  3. Write a description for the credential set, and select Ok.

The table displays the new Client ID next to the time you create it. To view the Client Secret, select the eye icon to the right side of the description.