Generating a token

OAuth 2.0

Now that you have your "Client ID" and "Client secret" you can make a call to our API in order to generate a token.

The URL that you need to call in order to do that is:

The request method that you need to use in order to generate the token is POST.
The content-type header must be set to application/x-www-form-urlencoded.
The body needs to contain the following fields:

  • client_id - taken from the OfficeRND application you just created.
  • client_secret- taken from the OfficeRND application you just created.
  • grant_type - currently we only support "client_credentials" so the value is always going to be the same.
  • scope - here you can specify whether you'd like the token to have permissions to read, write or both, e.g. " officernd.api.write".



Please note that this will take into account the permission that you've specified for the application itself. For example, if the application has only "Read" permissions you can't generate a token with "Write" permissions, as you will see an error.



Please note that CORS is disabled, due to security reasons.
It is preferable to exchange your app secrets for an access token through a server application (node, python, Go, .net, even Postman, etc.) or cURL requests where the credentials can be stored securely.

If you're using Postman, please see below:

After sending the POST request you'll be able to see your token in the response body.
The property "expires_in" specifies the time in seconds for which you can use the token. All tokens are valid for 3600 seconds, i.e 1 hour.

   "access_token": "\",  
   "token_type": "Bearer",  
   "expires_in": 3599,  
   "scope": " officernd.api.write"  

After you've generated the token, you can use it as authorization when calling the different API endpoints.
You can generate a token here as well.



curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "client_id={client_id}&client_secret={client_secret}&grant_type=client_credentials& officernd.api.write"


{"access_token":"{access_token}","token_type":"Bearer","expires_in":3599,"scope":" officernd.api.write"}

Authorization Header
Once you have the token you need to add an Authorization header to every request. The value of the header should be "Bearer <access_token>". It should look like this:

Authorization: Bearer <access_token>