You can use the OAuth 2.0 Client Credentials flow to authenticate with the Cyclr API.
There are several values you need in order to make calls to the Cyclr API:
- API Domain
{CyclrAPIDomain} - Access Token
{access_token} - Account API ID
{API_ID} - Client ID and Client Secret
{client_id},{client_secret}
API Domain #
The API domain you use to make calls to Cyclr’s API depends on where your Cyclr Console is hosted.
See here for details on how to identify the domain.
Note: Replace {CyclrAPIDomain} in the example calls below with the correct API domain for your Cyclr Partner Console’s location.
Access Token #
Calls to the Cyclr API must include an Access Token in the Authorize HTTP request header as a Bearer token, e.g.:
Authorization: Bearer {access_token}Access Tokens are valid for 14 days so remember to generate a new one when necessary.
Request #
Once you have a Client ID and Client Secret, you can call the Cyclr API OAuth token endpoint to generate an access token.
POST https://{CyclrAPIDomain}/oauth/token
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&client_id={client_id}&client_secret={client_secret}Parameters
These are passed in the Request Body:
| Parameter | Description |
|---|---|
| grant_type | Use client_credentials to identify the OAuth flow. |
| client_id | Enter the Client ID to identify which Cyclr Partner the token is for. |
| client_secret | Enter the matching Client Secret for the Cyclr Partner. |
Example Response #
{
"token_type": "bearer",
"access_token": "************",
"expires_in": 1209599,
"clientId": "************"
}Response Parameters
| Parameter | Description |
|---|---|
token_type | The type of token is always bearer. |
access_token | The token you can then use to make requests to the Cyclr API. |
expires_in | The amount of time in seconds until the access token expires (14 days). |
clientId | The Client ID you provided when you made the request. |
Account API ID #
For calls to Cyclr API endpoints that relate to a Cyclr Account, you need to provide the Account’s API ID as an HTTP header in the request:
X-Cyclr-Account: {API_ID}To view an Account’s API ID, in your Cyclr Console, go to Accounts > Account Management and select the Settings icon for the Account you wish to work with. The API ID appears towards the top of the page.
Account restricted Access Tokens #
You can restrict Access Tokens to only work for a specific Cyclr Account by including the API ID in a scope parameter when you make the access token request:
POST https://{CyclrAPIDomain}/oauth/token
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&client_id=abcdefg&client_secret=abcdefghij123&scope=account:{API_ID}Client ID and Client Secret #
To generate a Client ID and Client Secret from your Cyclr console:
- Go to Settings > OAuth Client Credentials.
- Select Generate Credentials.
- Write a description for the credential set, and select Ok.
The table displays the new Client ID next to the time you create it. To view the Client Secret, select the eye icon to the right side of the description.
