Authentication

Authenticate requests to the API

PreviousGetting started NextAPI Reference

Last updated 2 years ago

Was this helpful?

Authentication

Authenticate requests to the API

Obtaining client credentials

Use the to retrieve your OAuth Client ID and Client Secret values. You can contact support if you wish Hopscotch to hold your OAuth credentials for you and grant access to your AWS role instead.

Keep your OAuth Client ID and Secret safe! Don't store credentials in source code, use a service like instead.

Hopscotch API client credentials are currently not set to be periodically rotated; however, we don't ensure that your credentials will never change. While we do our best to have prompt communication of changes, we suggest that your client code programmatically handles retrieving updated credentials when your current one stop working.

Obtaining an OAuth token

Hopscotch Party API uses the Client Credentials Authentication flow. Use your clientId and clientSecret as username and password of a Basic authentication request to the Token endpoint.

Use the JWT token string from the field from the response as the value for the Authorization header to authenticate API calls.

Obtain OAuth2 Authorization Token

POST https://auth.hopscotch.trade/oauth2/token

Query Parameters

Name

Type

Description

grant_type*

String

Must be client_credentials.

{
    "access_token": "<jwt_token>",
    "expires_in": 900,
    "token_type": "Bearer"
}

{
    "error": "invalid_client"
}

POST requests to the Token endpoint must explicitly set the header Content-Type: application/x-www-form-urlencoded.

OAuth tokens are valid for 60 minutes, then you need to obtain a new token.

PreviousGetting started NextAPI Reference

Last updated 2 years ago

Was this helpful?