How to call the API?

Please refer to the Swagger page or the list of available endpoints to find endpoints and their data models.


To successfully make API calls, ensure that you include the following headers in your requests:
  • Authorization header: required for authentication. Include the access token obtained during the OAuth flow as a bearer token. The header value is the word "Bearer", a space, and the access token: "Bearer <access_token>".

  • Accept header: specifies the response format you expect from the API, such as "application/json" for a JSON response. The server then returns the response in that format.

    GET https://public-api.approvalmax.com//ping
    authorization: Bearer access_token
    accept: application/json

Make sure to include these headers in your API requests to authenticate and communicate with the API correctly.

Access and refresh tokens

Access tokens have an expiration time of 1 hour. If your application is granted the "offline_access" scope during the initial user authorisation, it can automatically refresh the access token using a refresh token without requiring any user interaction.


To refresh the access token, your application needs to make a POST request to the token endpoint. Here's how you can do it:

  1. Ensure that you have stored the refresh token securely. It is crucial to protect this sensitive information from unauthorised access, for example by storing it in the keychain of the operating system.
  2. Make a POST request to the token endpoint using the appropriate parameters.

When refreshing an access token using a refresh token, the request body must include:
  • grant_type=refresh_token. Set this parameter to "refresh_token" to indicate that you are refreshing a token.

  • refresh_token=YOURREFRESHTOKEN. Set this parameter to the stored refresh token obtained during the initial authorisation flow.

  • client_id: Client app key from your application created in the Developer Portal.

  • client_secret: App secret key from your application created in the Developer Portal.

    POST https://identity.approvalmax.com/connect/token
    Content-Type: application/x-www-form-urlencoded

    grant_type=refresh_token
    &refresh_token=YOURREFRESHTOKEN
    &client_id=client_id
    &client_secret=client_secret


When refreshing an access token using a refresh token, the response from the token endpoint will include a new access token and refresh token. It is crucial for your application to save both tokens in order to maintain access to the ApprovalMax API.
If your application fails to receive the response or encounters issues while saving the new tokens, you have a grace period of 1 hour. During this grace period, you can retry using your existing refresh token to obtain a new access token. However, after the grace period of 1 hour has elapsed, your previous refresh token will expire. To continue accessing the ApprovalMax API, the user will need to re-authorise your application, which will generate a new refresh token. Handling this scenario is important to ensure uninterrupted access to the API.
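
An added example (not ApprovalMax's own code) of the refresh step described above: it builds the form-encoded request and stores the rotated token pair atomically, so a failed save leaves the previous refresh token in place for a retry within the grace period. The response field names (access_token, refresh_token, expires_in) follow standard OAuth 2.0 and are assumed here, and the owner-only file stands in for the operating system keychain.

```python
import json
import os
import tempfile
import time
from urllib.parse import urlencode
from urllib.request import Request

TOKEN_URL = "https://identity.approvalmax.com/connect/token"  # from the article

def build_refresh_request(refresh_token, client_id, client_secret):
    """Build the refresh POST. Secrets travel in the body, never in the URL."""
    body = urlencode({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return Request(TOKEN_URL, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    })

def save_rotated_tokens(path, token_response, now=None):
    """Persist BOTH new tokens in one atomic step (hypothetical file store)."""
    now = time.time() if now is None else now
    # A KeyError here aborts before anything is written, so the old pair survives.
    record = {
        "access_token": token_response["access_token"],
        "refresh_token": token_response["refresh_token"],
        # expires_in is an assumed field; 3600 s matches the 1 hour stated above.
        "expires_at": now + int(token_response.get("expires_in", 3600)),
    }
    # mkstemp creates the file readable and writable by the owner only (0600).
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump(record, fh)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)  # atomic swap: readers see old or new, never half
    except BaseException:
        os.unlink(tmp)
        raise
    return record

def needs_refresh(record, now=None, skew=60):
    """True once the access token is within `skew` seconds of expiring."""
    now = time.time() if now is None else now
    return now >= record["expires_at"] - skew
```

Send the request with urllib.request.urlopen (or any HTTP client) over HTTPS and pass the parsed JSON body to save_rotated_tokens before using the new access token.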

You can decode your token here.