DOCPLANNER INTEGRATIONS

Authorization

For authorization, Docplanner uses the industry standard OAuth2 protocol. To access the API, you need a set of client credentials. Learn how to authorize and gain access to our Sandbox environment.
Docplanner integrations - img
Docplanner integrations - icon

Both sandbox and production environments use the OAuth2 protocol. Learn how to obtain an authorization token.

Docplanner integrations - icon

Always keep your credentials safe, as they provide access to sensitive customer data.

Docplanner integrations - img

Docplanner API requires authorization via the OAuth2 protocol. For more information about OAuth2, see https://oauth.net/2/.

Obtaining Sandbox and Production Credentials

To receive client credentials for both the sandbox (testing) and production environments, follow the steps outlined in the Integration Process section.

Obtaining an Access Token

To request a bearer token, call the following endpoint (refer to the documentation here for a list of valid local domains):

https://www.{domain}/oauth/v2/token

When requesting a token, set the following parameters:

  • grant_type: use client_credentials
  • scope: use integration

Here is an example authorization request:

curl -u {client_id}:{client_secret} https://www.{domain}/oauth/v2/token -d 'grant_type=client_credentials&scope=integration'

Sample response:

{
    "access_token": "03807cb390319329bdf6c777d4dfae9c0d3b3c35",
    "expires_in": 3600,
    "token_type": "bearer",
    "scope": null
}

The bearer token remains valid for 24 hours and should be refreshed accordingly.

Keep your credentials secure!

Never share your API keys, client IDs, client secrets, or tokens in publicly accessible locations such as code repositories or client-side code.

All API requests must include the authorization token in the headers. Requests without a valid token will be rejected. Moreover, all interactions must occur over HTTPS for security. Requests over plain HTTP will be redirected to HTTPS with a 3XX status code.

Example of including the token in the request header:

Authorization: Bearer {access_token}
Do I need a new token for each request?

No. Tokens are valid for 24 hours after issuance. You should reuse the same token for all operations within that timeframe.

IP Whitelisting

When integrating with Docplanner, we may initiate outbound connections to your systems for webhooks and API callbacks. To ensure reliable delivery, you must whitelist our IP addresses.

Our IP addresses are dynamic and may change over time. Fetch the updated list periodically (daily recommended) from one of these endpoints:

  • JSON format: https://www.{domain}/public/docs/public-ips.json

  • Plain text format: https://www.{domain}/public/docs/public-ips.txt

Example JSON response:

{
  "API": [
    "10.0.xxx.xx",
    "10.10.xxx.xx",
    "172.20.xxx.xxx",
    "172.31.xxx.xxx",
  ]
}

Example TXT response:

10.0.xxx.xx
10.10.xxx.xx
172.20.xxx.xxx
172.31.xxx.xxx