All requests to our APIs must be authenticated using OAuth 2.0.
Our implementation is based on the Client Credentials Grant flow, which is designed for secure, server-to-server communication. In this model, your application uses its assigned client_id and client_secret to obtain an access token from our Authorization Server.
Once issued, the access token must be included in every API call, using the Authorization header with the Bearer scheme. Access tokens are valid only for 1 hour, after which a new token must be requested.
Access tokens should be reused until they expire, rather than requesting a new token for each call, to keep integrations efficient.
If an API call is made with an expired, missing, or invalid token, the request will fail with a 401 Unauthorized response.
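The token lifecycle described above, as an added example that is not the provider's own code: fetch a token once, reuse it until just before the 1-hour expiry, and refresh once if a call returns 401. The token URL is a placeholder, HTTP Basic client authentication is an assumption (the page does not say how the credentials are sent), and the names fetch_token, TokenCache and call_api are hypothetical.

```python
import base64, json, time, urllib.parse, urllib.request

# Placeholder: the page does not give the Authorization Server's token URL.
TOKEN_URL = "https://auth.example.invalid/oauth2/token"

def fetch_token(client_id, client_secret, url=TOKEN_URL):
    """Request a token with grant_type=client_credentials (RFC 6749, section 4.4).
    Assumption: the server accepts HTTP Basic client authentication."""
    pair = ":".join(urllib.parse.quote_plus(v) for v in (client_id, client_secret))
    req = urllib.request.Request(
        url,
        data=urllib.parse.urlencode({"grant_type": "client_credentials"}).encode(),
        headers={"Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
                 "Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:  # HTTPS only; never log the body
        return json.load(resp)

class TokenCache:
    """Holds one access token in memory and reuses it until shortly before expiry."""
    def __init__(self, fetch, clock=time.monotonic, skew=60):
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires_at = None, 0.0

    def get(self):
        # Refresh `skew` seconds early so a token cannot expire while a request is in flight.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            body = self._fetch()
            self._token = body["access_token"]
            # Fall back to the documented 1-hour lifetime if expires_in is absent.
            self._expires_at = self._clock() + int(body.get("expires_in", 3600))
        return self._token

    def invalidate(self):
        self._token = None

def call_api(send, cache):
    """send(headers) -> (status, body). On 401, drop the cached token and retry once."""
    for _ in range(2):
        status, body = send({"Authorization": "Bearer " + cache.get()})
        if status != 401:
            break
        cache.invalidate()
    return status, body
```

Wire it up as TokenCache(lambda: fetch_token(client_id, client_secret)), loading the client_secret from a secret store or environment variable rather than source code.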