All Collections
Enboarder API Docs
Enboarder API Docs: Authentication & Overview
Enboarder API Docs: Authentication & Overview
Adam Faludi avatar
Written by Adam Faludi
Updated over a week ago

Authentication & Overview

API Key and OAuth 2.0 tokens

Get your API key or OAuth 2.0 tokens from 'Settings' / 'Integration' / 'Our Extensions'

Supported Data format:


Date format supported

YYYY-MM-DD (example 2020-06-09)


All Requests must be submitted as Https only.


All API Requests will require authentication either by API key or by OAuth2.0.

  • Authentication via API key

All API Requests will require API Key to be passed in header as apikey. Optionally, Rest API can be turned off/on at Account level by going to Company Account from 'Settings' / 'Integration' / 'Our Extensions'

Sample Header:

1 apikey:3376266343930346134343a344a4a57383930312d39

2 Content-Type:application/json

Base URL:

AU ๐Ÿ‡ฆ๐Ÿ‡บ :

EU ๐Ÿ‡ช๐Ÿ‡บ :

US ๐Ÿ‡บ๐Ÿ‡ธ :

CA ๐Ÿ‡จ๐Ÿ‡ฆ :

  • Authentication via OAuth2

The Rest APIs also support OAuth2 tokens. To enable this in the account, an admin needs to enable it from 'Settings' / 'Integration' / 'Our Extensions'.

Please click on the Activate OAuth2 button to generate Client and secret for OAuth2 App client. Optionally the user can enable / disable OAuth2 setting from this page.

Please note down the clientID and Secret. These are required to get the OAuth token.

OAuth2 token Enbdpoints

OAuth2 token flow

In Enboarder we support Client credential flow. This is a very simple flow and suitable for system-to-system authentication. Here are the steps:

  • High level Flow

  • The Integration Developer asks for OAuth2 credentials such as Client ID, Client Secret and token URL. Admin user gets this info from our extension page.

  • Add the below scope in the request:

api/workflow.basic api/workflow.advance api/settings.all

  • On receiving this, the developer needs to call the token URL with clientid and secret to get this access token. Here is the sample request and response:

  • The token is valid for 1 hour. The developer needs to check its expiry time before sending this token in the Rest API request. If it expires then first generate a new token and use this.

  • Please send this token in header Authorization in request header while calling Rest API

Sample Header:

Authorization:eyl2233434_KpYvv4ZL---YCj09D8N0xv---LKdLhw Content-Type:application/json

The receiver system will then validate the token and grant access if the token is valid.


Did this answer your question?