You will be issued an API Key, Client ID, Client Secret, and Data Source Name (if you plan to sync data). Credentials for Staging will be different than for Production.

Using your API Key

Your API Key must be included on all requests by adding an x-api-key request header.

Add your API Key as a header on all requests:
x-api-key
: YOUR API KEY

Access Token Authentication

Most API methods also require authentication via an access token. An access token identifies the user on behalf of whom you are making the request. In this case, you must provide both an API Key (see above) and an Access Token.

We provide a REST API for obtaining access tokens. Please keep all access tokens secure as they do not expire.

Types of Access Tokens

There are User Access Tokens and Location Access Tokens.

  • User Access Tokens should be used only when you need to authenticate as a specific user
  • Location Access Tokens should be used to authenticate as a business Location. Using a Location Access Token will always authenticate you as the Location’s owner (admin user)

Authenticating with an Access Token

The preferred way is to add an Authorization request header as follows:
Authorization: Bearer YOUR_ACCESS_TOKEN

Alternatively, you may provide the access token via a query parameter such as:
/api/v1/users/me?access_token=YOUR_ACCESS_TOKEN

Obtaining a Location Access Token via the REST API

View in API Explorer

1. Obtain a User Access Token using the Location Owner’s email and password

curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'x-api-key: YOUR_API_KEY' -d '{
 "email": "user@example.com",
 "password": "user_password",
 "client_id": "YOUR_CLIENT_ID",
 "client_secret": "YOUR_CLIENT_SECRET"
}' 'https://api.staging.hirefrederick.com/v1/access_tokens'
=> {"access_token": "USER_ACCESS_TOKEN"}

2. Obtain a Location Access Token using the User Access Token from above

curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'x-api-key: YOUR_API_KEY' --header 'Authorization: Bearer USER_ACCESS_TOKEN' -d '{
 "client_id": "YOUR_CLIENT_ID",
 "client_secret": "YOUR_CLIENT_SECRET"
}' 'https://api.staging.hirefrederick.com/v1/access_tokens/locations/LOCATION_ID'
=> {"access_token": "LOCATION_ACCESS_TOKEN"}

Next: Syncing Data with Frederick