OAuth 2.0 has become the “industry-standard protocol for authorization”, and we use it to secure our API. In order to authenticate with our servers using the OAuth 2.0 flow, you’ll need to grab a client ID and a client secret from the Settings → Integrations & Plugins → Cerkl API v3 page. Hit the “Generate New OAuth Credentials” button and name your new OAuth 2.0 client credentials something useful.
Be sure to save your client credentials — we can only display your client secret once. You will be using these credentials to work with Cerkl API v3 in your codebase, on our API Reference page, and in Postman. If you do lose your credentials don’t worry — it’s really just a minor inconvenience. You can generate another client ID and client secret using the same method described above.
Once you have your client credentials, you will need to authenticate with our OAuth 2.0 server to receive an access token. This token is your key to using Cerkl API v3 in your codebase, “the thing that applications use to make API requests on behalf of a user” if you will. Visit this page to read more about OAuth 2.0 access tokens.
To authenticate with your client credentials and receive an access token, it depends on how you are working with Cerkl’s API.
To authenticate within your codebase, use any library/tool capable of making HTTP requests to
POST your client
credentials to our OAuth 2.0 token endpoint. Using cURL, you might end up with
something like this:
client_secret credentials, you should receive an access token upon successful completion
of your request to our OAuth 2.0 server. You can use this access token in your code to start making useful API calls and
integrating your systems.
As a point of security, the access tokens we issue only last 12 hours. In the event your processes that use our API take longer than that, we recommend splitting your integration tasks up into multiple jobs or utilizing the refresh token provided to you during authentication.