In this article
Access Tokens
All requests to our APIs need to be authenticated. This authentication is done using access_tokens (Oauth 2.0). To get an access_token you must call our token end-point and supply your ClientId and ClientSecret. Access_tokens remain valid for a limited time.
ClientIds and ClientSecrets are provided by our support organization. Please contact forstasupport@forsta.com to obtain them.
Note: The token should ideally be cached and re-used for all requests made within the time the token is valid.
Example (Token Request)
POST https://<host>/identity/connect/token HTTP/1.1
Accept: application/json
Content-Type: application/x-www-form-urlencoded
client_id=<ClientId>&client_secret=<ClientSecret>&grant_type=api-user&scope=
Note: The scope indicates which API you can access. You get this when receiving your client_id and client_secret. Ex. scope=pub.surveys will indicate that you ask for a token that has access to the public survey api.
Example (Token Response)
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: ~
{
"access_token":"4cb63760cb19552fc5cde5f37b649b7c",
"expires_in":3600,
"token_type":"Bearer"
}