To secure our APIs we use OAuth 2.0 and therefore all of our APIs require a valid access token. For every request it’s required to provide a access token, it should be specified in a authorization header as a bearer token, format Bearer {access_token}.

To generate a access token you will need a ClientId and ClientSecret. If you are a system administrator in Winningtemp you can generate these from inside the application. Go to your settings page and then to Apps / Developer Api. Here you can generate a client id and a client secret.

Take note of the generated Client Secret, you will not be able to see it again. If you loose it you will need to generate a new pair of keys.

Now you can use the /auth endpoint to generate a access token. Read more about that endpoint to see how to use the clientid and clientsecret.

The expiration time of our access tokens is set to one hour (you can get the expiration time in the authentication result). Because we use the OAuth 2.0 client credentials flow we don’t get any refresh token, only an access token upon successful authentication. So when the token expires just initiate another one.