URL https://www.atto.co/about/contact
API Support support@atto.co
License All Rights Reserved © The IDCO. Ltd
Terms of Service
To access our APIs you need to pass your client_id and client_secret, along with the scope that you are requesting, to our authentication service. If that all goes according to plan then an access_token will be returned to you, which is valid for one hour.
A request with the following payload to our endpoint should return an access token for use in subsequent calls in any of our Data API endpoints.
| Key | Value |
|---|---|
grant_type | client_credentials |
client_id | The client_id that we supplied to you |
client_secret | The client_secret that we supplied to you |
scope | The scope value for the API that you need access to |
Please find below the scopes values for our APIs, these values need to be specified when requesting a token:
| API | Scope |
|---|---|
| Atto Consent Service | api:consent |
| Atto Data API | api:data |
| Atto Stored Data API | api:stored_data |
| Atto Advanced Insights API | api:advanced_insights |
| Atto Connect Invitation API | api:connect_invitation |
Please note that the request should have a content-type of application/x-www-form-urlencoded
Assuming the authentication was successful, you should receive a 200 OK response.
The important fields in the authentication response are:
| Field | Description |
|---|---|
expires_in | The number of seconds before the token expires (defaults to 3600 seconds) |
token_type | Bearer |
access_token | The token you will use in subsequent requests |
If you expect to make repeated and/or delayed calls using this access_token, you should pay attention to the expires_in field and request a new token if you have exceeded the expiration time.
Once you have the access_token, you'll assign it to the Authorization header with a prefix of Bearer. More information can be found here.