API Reference

Requesting an API token

Getting an API token using the Client Credentials flow

Requesting a new token is as simple as sending a request to the Authorization Server. 

curl --request POST \
  --url 'https://login.nextchapter.cloud/connect/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=YOUR_CLIENT_ID \
  --data client_secret=YOUR_CLIENT_SECRET

The client_id and client_secret should be substituted by your own values. Optionally you can provide the scope form field to ask for a specific scope. Read more about scopes.

Note: : Ensure that you are refreshing your token as needed. When your token expires, you will receive a 401 Unauthorized response, and you will need to obtain a new token.

## Anatomy of a token

The API response will look similar to this:

{
	"access_token": "eyJhbG...",
	"expires_in": 3600,
	"token_type": "Bearer",
	"scope": "read:orders"
}

It holds the following fields:

  • access_token is the JSON Web Token, or JWT, that you should provide in all requests to the API. Read more about JWTs.
  • expires_in is the time in seconds when the token will expire.
  • token_type will always be Bearer.
  • scope will contain the scopes you have access to. Read more about scopes.