Returns a token.
URL https://www.atto.co/about/contact
API Support support@atto.co
License All Rights Reserved © The IDCO. Ltd
Terms of Service
A request with the following payload to our endpoint should return an access token for use in subsequent calls in any of our Data API endpoints.
| Key | Value |
|---|---|
grant_type | client_credentials |
client_id | The client_id that we supplied to you |
client_secret | The client_secret that we supplied to you |
scope | The scope value for the API that you need access to |
Please find below the scopes values for our APIs, these values need to be specified when requesting a token:
| API | Scope |
|---|---|
| Atto Consent Service | api:consent |
| Atto Data API | api:data |
| Atto Stored Data API | api:stored_data |
| Atto Advanced Insights API | api:advanced_insights |
| Atto Connect Invitation API | api:connect_invitation |
Please note that the request should have a content-type of application/x-www-form-urlencoded
Assuming the authentication was successful, you should receive a 200 OK response.
The important fields in the authentication response are:
| Field | Description |
|---|---|
expires_in | The number of seconds before the token expires (defaults to 3600 seconds) |
token_type | Bearer |
access_token | The token you will use in subsequent requests |
If you expect to make repeated and/or delayed calls using this access_token, you should pay attention to the expires_in field and request a new token if you have exceeded the expiration time.
Once you have the access_token, you'll assign it to the Authorization header with a prefix of Bearer. More information can be found here.
curl -i -X POST \
https://uk.api.atto.co/v1/oauth2/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d grant_type=string \
-d client_id=string \
-d client_secret=string \
-d scope=string{ "tokenType": "string", "expiresIn": 0, "accessToken": "string" }