Syncari Embed uses token-based authentication. You'll use your Client ID and Client secret to make a request to the POST/oauth/token
endpoint. Syncari responds with an access token to use for subsequent requests. You'll need to securely store the access_token
and refresh_token
in your app to include in the Authorization
header parameter for all requests.
Tokens remain active for three hours. After three hours, the token must be refreshed.
Obtain an Access Token
Endpoint Reference
oauth/token
See Get Access Token in the API Reference Documentation.
Create a POST
request to the OAuth/token
endpoint where:
grant_type=client_credentials
-
client_id
andclient_secret
are your API credentials. Content-Type: application/x-www-form-urlencoded
Example Request
curl --location --request POST 'https://api.syncari.com/api/v1/oauth/token?grant_type=client_credentials&client_id=<Syncari Client ID>&client_secret=<Syncari Client Secret>' --header 'Content-Type: application/x-www-form-urlencoded'
Syncari returns a response containing a JSON object with the access token and additional data. Here's an example. Note that actual access tokens are longer than this example.
{
"access_token": "<Access token string>",
"refresh_token": "<Refresh token string>",
"token_type": "Bearer",
"expires_in": 10800
}
The response includes these properties:
access_token
— The token that grants access to Syncari APIs. Store this securely within your application to make subsequent calls to the Syncari Embed APIs.
refresh_token
— The token that you can use to obtain new a new access_token
and refresh_token
.
token_type
— The type of token. Syncari uses Bearer tokens.
expires_in
— The period, in seconds, until the access token expires. Three hours.
Obtaining a Refresh Token
Endpoint Reference
oauth/token
See Get Access Token in the API Reference Documentation.
To obtain a refresh token, send a request to the POST/oauth/token
endpoint with the previous refresh_token
and your API credentials.
curl --location --request POST 'https://api.syncari.com/api/v1/oauth/token?grant_type=refresh_token&client_id=<Syncari Client ID>&client_secret=<Syncari Client SecretD>&refresh_token=<Refresh token from previous request' --header 'Content-Type: application/x-www-form-urlencoded'
The response includes a new access_token
and refresh_token
for storing securely in your app.
Example Response
{
"access_token": "<Access token string>",
"refresh_token": "<Refresh token string>",
"token_type": "Bearer",
"expires_in": 10800
}