To successfully make API calls, include the following headers in your requests to authenticate and communicate with the API correctly:
Authorization header: this is crucial for authentication. Include the access token obtained during the OAuth flow as a bearer token. The header value has the form "Bearer <access_token>".
Accept header: specifies the response format you expect from the API, such as "application/json" for a JSON response. The server then returns the response in that format.
- GET https://public-api.approvalmax.com//ping
- authorization: Bearer access_token
- accept: application/json
Access and refresh tokens
Access tokens have an expiration time of 1 hour. If your application is granted the "offline_access" scope during the initial user authorisation, it can automatically refresh the access token using a refresh token without requiring any user interaction.
To refresh the access token, your application needs to make a POST request to the token endpoint. Here's how you can do it:
- Ensure that you have stored the refresh token securely. Protect this sensitive information against unauthorised access, for example by storing it in the keychain of the operating system.
- Make a POST request to the token endpoint using the appropriate parameters.
The token endpoint is:
- POST https://identity.approvalmax.com/connect/token
When refreshing an access token using a refresh token, the request body must include:
grant_type=refresh_token. Set this parameter to "refresh_token" to indicate that you are refreshing a token.
refresh_token=YOURREFRESHTOKEN. Include in this parameter the stored refresh token obtained during the initial authorisation flow.
client_id: Client app key from your application created in the Developer Portal.
client_secret: App secret key from your application created in the Developer Portal.
- POST https://identity.approvalmax.com/connect/token
- Content-Type: application/x-www-form-urlencoded
- grant_type=refresh_token
- &refresh_token=YOURREFRESHTOKEN
- &client_id=client_id
- &client_secret=client_secret
When refreshing an access token using a refresh token, the response from the token endpoint will include a new access token and a refresh token. It is crucial for your application to save both tokens in order to maintain access to the ApprovalMax API.
If your application fails to receive the response or encounters issues while saving the new tokens, you have a grace period of 1 hour. During this grace period, you can retry using your existing refresh token to obtain a new access token. However, after the grace period of 1 hour has elapsed, your previous refresh token will expire. To continue accessing the ApprovalMax API, the user will need to reauthorise your application, which will generate a new refresh token. Handling this scenario is important to ensure uninterrupted access to the API.
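The rotation described above can be handled as in the following added example, which is not ApprovalMax code: the old refresh token stays on disk until the new pair has been written, so a failed request or a failed save can be retried within the grace period. Assumptions: `post` is a hypothetical transport callable, an owner-only JSON file stands in for the operating system keychain, and the response uses the standard OAuth 2.0 field names `access_token`, `refresh_token` and `expires_in`.

```python
import json
import os
import tempfile
import time
from urllib.parse import urlencode

TOKEN_URL = "https://identity.approvalmax.com/connect/token"

def build_refresh_request(refresh_token, client_id, client_secret):
    """Return (url, headers, body) for the form-encoded refresh POST."""
    body = urlencode({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
    })
    return TOKEN_URL, {"Content-Type": "application/x-www-form-urlencoded"}, body

def save_tokens(path, tokens):
    """Write the token pair atomically; mkstemp creates the file with mode 0600."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as f:
            json.dump(tokens, f)
        os.replace(tmp, path)  # readers see either the old pair or the new one
    except BaseException:
        os.unlink(tmp)
        raise

def refresh_tokens(path, client_id, client_secret, post, now=time.time):
    """Rotate the stored pair. `post(url, headers, body)` is a hypothetical
    transport callable that sends the request and returns the parsed JSON."""
    with open(path) as f:
        old = json.load(f)
    url, headers, body = build_refresh_request(
        old["refresh_token"], client_id, client_secret)
    # If post() raises, nothing has been overwritten: the old refresh token is
    # still on disk and can be retried within the 1-hour grace period.
    resp = post(url, headers, body)
    if not resp.get("access_token") or not resp.get("refresh_token"):
        raise ValueError("token response lacks access_token or refresh_token")
    new = {
        "access_token": resp["access_token"],
        "refresh_token": resp["refresh_token"],
        # expires_in is the assumed standard field; default is the documented 1 hour
        "expires_at": now() + int(resp.get("expires_in", 3600)),
    }
    save_tokens(path, new)  # persist both tokens before the caller uses either
    return new
```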
You can decode your token here.
Pagination is a technique used in API responses to break down a large set of data into smaller, more manageable chunks or pages. This allows data to be retrieved and displayed incrementally rather than all at once, improving efficiency and reducing the burden on both the server and the client.
The ApprovalMax API uses limit and continuationToken as parameters for pagination.
Adding a limit to a request determines how many items are to be on each page, and the server responds with a continuationToken indicating where to start fetching the next set of items. The combination of continuationToken and limit lets you navigate through a larger dataset in manageable chunks.
The maximum limit is 100.
Here's an example:
Initial request:
- The client sends a request to the server to retrieve a certain number of items (as per the set limit), which cannot exceed 100.
- The response includes the requested items and a continuationToken that indicates the position or index of the last item on the current page.
- {
- "continuationToken": 0,
- "limit": 3,
- "items": [
- "32a0e872-9510-4bfa-9799-66c7bbedf3e1",
- "de31faee-063d-4daa-b3d9-33de7eb1c2ee",
- "8bc631d0-f7ef-4ec6-bb6d-09e120fe162c"
- ]
- }
Subsequent requests:
- The client uses the received continuationToken to request the next page of items.
- The server responds with the next set of items and an updated continuationToken.
- {
- "continuationToken": 3,
- "limit": 3,
- "items": [
- "cd99fa72-ec00-42fd-a7f9-8e3ae1754c4a",
- "01288f26-a329-4d3c-815f-3b10ee942a40",
- "ff197941-0799-4e93-8f32-64f5c2c88e76"
- ]
- }
- {
- "continuationToken": 6,
- "limit": 3,
- "items": [
- "377e1107-2820-420a-9896-a799a0fa2c42",
- "90fc782a-177c-48ab-9449-846331a693e0",
- "763a4c75-02fd-41b5-bca8-e5a2bd63f1dd"
- ]
- }
End of pagination:
The process continues until the continuationToken is null or an empty array is returned, indicating that there are no more pages.
- {
- "continuationToken": 8,
- "limit": 3,
- "items": []
- }
Rate limit
Accessing the Public API is currently restricted to 1000 requests per minute.
When this limit is reached, the error code 429 is returned along with the message: "Too many requests. Please try again after N second(s)."
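The pagination loop and the 429 handling described above fit together as in this added example, which is not ApprovalMax code. Assumptions: `get_page` is a hypothetical transport callable, the 429 message arrives as plain text, and `fake_api` is a constructed in-memory stand-in so the loop runs offline.

```python
import re
import time

MAX_LIMIT = 100  # documented maximum page size

def retry_after_seconds(message, default=1):
    """Extract N from 'Please try again after N second(s).'"""
    m = re.search(r"after (\d+) second", message or "")
    return int(m.group(1)) if m else default

def fetch_all(get_page, limit=MAX_LIMIT, sleep=time.sleep, max_retries=5):
    """Collect every item. `get_page(limit, token)` is a hypothetical transport
    callable returning (status, body): a dict on 200, the error text on 429."""
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be between 1 and {MAX_LIMIT}")
    items, token, retries = [], None, 0
    while True:
        status, body = get_page(limit, token)
        if status == 429:
            retries += 1
            if retries > max_retries:
                raise RuntimeError("still rate limited after retries")
            sleep(retry_after_seconds(body))  # wait as long as the server asks
            continue                          # then repeat the same page
        if status != 200:
            raise RuntimeError(f"unexpected status {status}")
        retries = 0
        page = body.get("items") or []
        if not page:
            break                             # empty array: no more pages
        items.extend(page)
        next_token = body.get("continuationToken")
        if next_token is None or next_token == token:
            break                             # null or non-advancing token
        token = next_token
    return items

def fake_api(data, throttle_calls=()):
    """Constructed in-memory stand-in for the API, for offline runs only."""
    calls = {"n": 0}
    def get_page(limit, token):
        calls["n"] += 1
        if calls["n"] in throttle_calls:
            return 429, "Too many requests. Please try again after 2 second(s)."
        start = token or 0
        chunk = data[start:start + limit]
        return 200, {"continuationToken": start + len(chunk),
                     "limit": limit, "items": chunk}
    return get_page
```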