Authentication & Overview

API Key and OAuth 2.0 tokens

Get your API key or OAuth 2.0 tokens from 'Settings' / 'Integration' / 'Our Extensions'

Supported Data format:


Date format supported

YYYY-MM-DD (example 2020-06-09)


All Requests must be submitted as Https only.


All API Requests will require authentication either by API key or by OAuth2.0.

  • Authentication via API key

All API Requests will require API Key to be passed in header as apikey. Optionally, Rest API can be turned off/on at Account level by going to Company Account from 'Settings' / 'Integration' / 'Our Extensions'

Sample Header:

1 apikey:3376266343930346134343a344a4a57383930312d39

2 Content-Type:application/json

Base URLs

AU πŸ‡¦πŸ‡Ί :

EU πŸ‡ͺπŸ‡Ί :

US πŸ‡ΊπŸ‡Έ :

  • Authentication via OAuth2

The Rest APIs also support OAuth2 tokens. To enable this in the account, an admin needs to enable it from 'Settings' / 'Integration' / 'Our Extensions'.

Please click on the Activate OAuth2 button to generate Client and secret for OAuth2 App client. Optionally the user can enable / disable OAuth2 setting from this page.

Please note down the clientID and Secret. These are required to get the OAuth token.

OAuth2 token Enbdpoints

AU πŸ‡¦πŸ‡Ί :

EU πŸ‡ͺπŸ‡Ί :

US πŸ‡ΊπŸ‡Έ :

OAuth2 token flow

In Enboarder we support Client credential flow. This is a very simple flow and suitable for system-to-system authentication. Here are the steps:

  • High level Flow

  • The Integration Developer asks for OAuth2 credentials such as Client ID, Client Secret and token URL. Admin user gets this info from our extension page.

  • On receiving this, the developer needs to call the token URL with clientid and secret to get this access token. Here is the sample request and response:

  • The token is valid for 1 hour. The developer needs to check its expiry time before sending this token in the Rest API request. If it expires then first generate a new token and use this.

  • Please send this token in header Authorization in request header while calling Rest API

Sample Header:

Authorization:eyl2233434_KpYvv4ZL---YCj09D8N0xv---LKdLhw Content-Type:application/json

The receiver system will then validate the token and grant access if the token is valid.

Did this answer your question?