Authorization
Both sandbox and production environments use the OAuth2 protocol. Learn how to obtain an authorization token.
Always keep your credentials safe, as they provide access to sensitive customer data.
Docplanner API requires authorization via the OAuth2 protocol. For more information about OAuth2, see https://oauth.net/2/.
Obtaining Sandbox and Production Credentials
To receive client credentials for both the sandbox (testing) and production environments, follow the steps outlined in the Integration Process section.
Obtaining an Access Token
To request a bearer token, call the following endpoint (refer to the documentation here for a list of valid local domains):
https://www.{domain}/oauth/v2/token
When requesting a token, set the following parameters:
grant_type: useclient_credentialsscope: useintegration
Here is an example authorization request:
curl -u {client_id}:{client_secret} https://www.{domain}/oauth/v2/token -d 'grant_type=client_credentials&scope=integration'
Sample response:
{
"access_token": "03807cb390319329bdf6c777d4dfae9c0d3b3c35",
"expires_in": 3600,
"token_type": "bearer",
"scope": null
}
The bearer token remains valid for 24 hours and should be refreshed accordingly.
Keep your credentials secure!
Never share your API keys, client IDs, client secrets, or tokens in publicly accessible locations such as code repositories or client-side code.
All API requests must include the authorization token in the headers. Requests without a valid token will be rejected. Moreover, all interactions must occur over HTTPS for security. Requests over plain HTTP will be redirected to HTTPS with a 3XX status code.
Example of including the token in the request header:
Authorization: Bearer {access_token}
Do I need a new token for each request?
No. Tokens are valid for 24 hours after issuance. You should reuse the same token for all operations within that timeframe.