Authorization

Both sandbox and production environments use the OAuth2 protocol. Learn how to obtain an authorization token.
Always keep your credentials safe, as they provide access to sensitive customer data.

Docplanner API requires authorization via the OAuth2 protocol. For more information about OAuth2, see https://oauth.net/2/.
Obtaining Sandbox and Production Credentials
To receive client credentials for both the sandbox (testing) and production environments, follow the steps outlined in the Integration Process section.
Obtaining an Access Token
To request a bearer token, call the following endpoint (refer to the documentation here for a list of valid local domains):
https://www.{domain}/oauth/v2/token
When requesting a token, set the following parameters:
grant_type
: useclient_credentials
scope
: useintegration
Here is an example authorization request:
curl -u {client_id}:{client_secret} https://www.{domain}/oauth/v2/token -d 'grant_type=client_credentials&scope=integration'
Sample response:
{
"access_token": "03807cb390319329bdf6c777d4dfae9c0d3b3c35",
"expires_in": 3600,
"token_type": "bearer",
"scope": null
}
The bearer token remains valid for 24 hours and should be refreshed accordingly.
Keep your credentials secure!
Never share your API keys, client IDs, client secrets, or tokens in publicly accessible locations such as code repositories or client-side code.
All API requests must include the authorization token in the headers. Requests without a valid token will be rejected. Moreover, all interactions must occur over HTTPS for security. Requests over plain HTTP will be redirected to HTTPS with a 3XX status code.
Example of including the token in the request header:
Authorization: Bearer {access_token}
Do I need a new token for each request?
No. Tokens are valid for 24 hours after issuance. You should reuse the same token for all operations within that timeframe.
IP Whitelisting
When integrating with Docplanner, we may initiate outbound connections to your systems for webhooks and API callbacks. To ensure reliable delivery, you must whitelist our IP addresses.
Our IP addresses are dynamic and may change over time. Fetch the updated list periodically (daily recommended) from one of these endpoints:
JSON format:
https://www.{domain}/public/docs/public-ips.json
Plain text format:
https://www.{domain}/public/docs/public-ips.txt
Example JSON response:
{
"API": [
"10.0.xxx.xx",
"10.10.xxx.xx",
"172.20.xxx.xxx",
"172.31.xxx.xxx",
]
}
Example TXT response:
10.0.xxx.xx
10.10.xxx.xx
172.20.xxx.xxx
172.31.xxx.xxx