Authentication¶
OAuth 2.0¶
The Uberflip API uses a Client Credentials OAuth2 flow. All requests must be authorized with an API token.
To receive an API token, perform a POST request to the /authorize endpoint while providing your API Key and Shared Secret. Your API Key and Shared Secret provide access to many parts of your account and therefore should be kept secret.
This endpoint creates and returns the details of an asset.
Request¶
POST https://v2.api.uberflip.com/authorize
| Query Parameters | Description |
|---|---|
| grant_type | The type of authentication (value: “client_credentials”) |
| client_id | The client identifier |
| client_secret | The client secret |
Response¶
| Body Parameters | Type | Description |
|---|---|---|
| access_token | String | The access token |
| expires_in | Integer | The time in seconds until the token expires |
| token_type | String | The token type |
Examples¶
curl -X POST -H "Content-Type: application/json" -d "{ \
\"grant_type\": \"client_credentials\", \
\"client_id\": \"[Client_Id]\", \
\"client_secret\": \"[Client_Secret]\" }" \
-i https://v2.api.uberflip.com/authorize
Sample response:
HTTP/1.1 200 OK
Content-Type: application/json
{
"access_token": "sziWcXAO6HxYN3IhlMFYPQizMONIZ8WDvdQ3f8im",
"expires_in": 3600,
"token_type": "Bearer"
}
API Credentials Rotation¶
API credentials should be changed from time to time. There are many scenarios where your credentials may become compromised: an employee with access may leave the company or your credentials may have accidentally been committed to version control or been publicized in your logs.
You can easily generate a new set of API Credentials from your Account.
Authorization¶
Every request should be submitted with an Authorization header with the value: “Bearer [Token]”.