Weza.io exclusively uses Oauth2 to authenticate and authorize requests. You will need to have an OAuth client ID and a client secret before you can make authenticated OAuth requests. These credentials can be created and managed on our web dashboard. Once you have your credentials, you will use them to get an access token from our authentication server using the request below:

curl -X POST \
 https://auth.wezaapis.com/v1/oauth2/token \
 -H 'Content-Type: application/x-www-form-urlencoded' \
 -d 'client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=client_credentials&scope=platform'

If your request is successful , you will receive a 200 response status code and the response body will be a JSON document with the structure shown below.

{
   "access_token": string,
   "token_type": string,
   "expires_at": number,
   "scope": string
}

Fields

You can now make requests to any weza.io API using the access token. Remember to temporarily store the token somewhere secure, for instance in your database, cache or even as a global variable, to prevent needing to create a new token for each request.

When the token expires, you will receive a 401 error code from the API. You should have your application perform the above process again. Alternatively, you can preempt that by checking the expires_at field, returned in the token response, before each API request.

The token should be sent as a Bearer token in the HTTP authentication header. You can find an example of such a request here.