Atto Developer Documentation (all)
https://uk.api.atto.co/
https://us.api.atto.co/
To access our APIs you need to pass your client_id and client_secret, along with the scope that you are requesting, to our authentication service. If the request succeeds, an access_token is returned, which is valid for one hour.
A request with the following payload to our endpoint should return an access token for use in subsequent calls in any of our Data API endpoints.
| Key | Value |
|---|---|
| grant_type | client_credentials |
| client_id | The client_id that we supplied to you |
| client_secret | The client_secret that we supplied to you |
| scope | The scope value for the API that you need access to |
The scope values for our APIs are listed below. One of these values needs to be specified when requesting a token:
| API | Scope |
|---|---|
| Consent Service | api:consent |
| Data API | api:data |
| Stored Data API | api:stored_data |
| Advanced Insights API | api:advanced_insights |
| Connect Invitation API | api:connect_invitation |
| Credit Information API | api:cis |
Please note that the request should have a content-type of application/x-www-form-urlencoded.
Assuming the authentication was successful, you should receive a 200 OK response.
The important fields in the authentication response are:
| Field | Description |
|---|---|
| expires_in | The number of seconds before the token expires (defaults to 3600 seconds) |
| token_type | Bearer |
| access_token | The token you will use in subsequent requests |
If you expect to make repeated and/or delayed calls using this access_token, you should pay attention to the expires_in field and request a new token if you have exceeded the expiration time.
Once you have the access_token, you'll assign it to the Authorization header with a prefix of Bearer. More information can be found here.
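
The flow described above (form-encoded token request, expires_in tracking, Bearer header) is shown here as an added example; it is not Atto's own code. The token endpoint path is not given on this page, so `token_url` is supplied by the caller. The names `TokenCache` and `http_post_form` and the 60-second early-renewal margin (`skew`) are assumptions.

```python
import json
import time
import urllib.parse
import urllib.request

def http_post_form(url, body):
    """POST a form-encoded body and return the decoded JSON reply."""
    req = urllib.request.Request(
        url, data=body.encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Keeps one access_token per scope and renews it before expires_in elapses."""

    def __init__(self, token_url, client_id, client_secret,
                 post=http_post_form, clock=time.monotonic, skew=60):
        # token_url: caller-supplied (the endpoint path is not stated on this page).
        # skew: assumed safety margin so a token is never sent in its last seconds.
        self._url, self._id, self._secret = token_url, client_id, client_secret
        self._post, self._clock, self._skew = post, clock, skew
        self._tokens = {}  # scope -> (access_token, renewal deadline)

    def _request_body(self, scope):
        # urlencode escapes characters such as '&' or '+' inside the secret.
        return urllib.parse.urlencode({
            "grant_type": "client_credentials",
            "client_id": self._id,
            "client_secret": self._secret,
            "scope": scope,
        })

    def get(self, scope):
        cached = self._tokens.get(scope)
        if cached and self._clock() < cached[1]:
            return cached[0]
        reply = self._post(self._url, self._request_body(scope))
        token = reply.get("access_token")
        if not token or str(reply.get("token_type", "")).lower() != "bearer":
            # Do not include the reply in the message: it may carry a token.
            raise ValueError("unexpected token response")
        lifetime = int(reply.get("expires_in", 3600))  # documented default
        deadline = self._clock() + max(lifetime - self._skew, 0)
        self._tokens[scope] = (token, deadline)
        return token

    def auth_header(self, scope):
        return {"Authorization": "Bearer " + self.get(scope)}
```

Load the client_secret from a secret store or environment variable rather than source code, and keep both it and the returned access_token out of logs.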