The 2022 Expert-In-The-Loop Forum by is now available on-demand! Watch sessions here


Getting Started with API offers support for OAuth 2.0 Authentication for all of our API methods in the developer API platform.

This guide provides the steps necessary to start using’s Developer API with OAuth 2.0.

  • Register once
  • Authorize periodically (refresh token)
  • Authenticate each time you call the API


A Client ID (API key) and Client Secret is generated once a user has registered an account and created a new application:

  • If you haven’t already, register for an account on’s developer platform by signing up here.
  • Once you are logged in:
    • Go to “My Account” on the top right of the screen
    • Select the “Application” section
    • Create a new application and add following details:
      • Application name
      • Web page about the application
      • Description
  • When an application is created, team will review & approve the application.
  • After approval, the application status will change to “active”
    • The Client ID and Client Secret can be found under the “Keys” section of “My Account”, along with details of the API plan
      • Client ID is also referred to as Key or API Key
      • API Key / Client ID string will be 24 characters long
      • Client Secret string will be 10 characters long


An access token is issued, along with other parameters, in a response to a well formatted authorization request. Please note that an authorization request will count towards the calls per day quota and has accounted for 6 authorization related requests per day in each of our API subscription plans.

  • A successful response will include the following parameters:
    • Access Token
    • Token Type: bearer
    • Time to Expiration: 3600
    • Refresh Token
  • Access Token string will be 24 characters long
  • Refresh Token string will be 24 characters long

There are three ways you can generate an access token to pass along in header of the API request:

  • Generating through I/O Docs on Developer Platform
  • Generating through API call directly
    • Add in the following into the authorization request:
    • Example of request and response using Postman:
      • POST /oauth2/token HTTP/1.1
      • Host:
      • Content-Type: application/x-www-form-urlencoded
      • cache-control: no-cache
      • Postman-Token: 2d3b1419-9273-454d-8261-dd926960bf88
      • client_id=[]client_secret=[]grant_type=client_credentials

  • Generating through Python
    • You can download the sample code using this link.
  • Generating using Refresh Token
    • Add in the following into a Post request:
    • Example Request:
      • POST /oauth2/token HTTP/1.1
      • Host:
      • Content-Type: application/x-www-form-urlencoded
      • cache-control: no-cache
      • client_id=ysszm2yk7gp5r9ernuaurgccclient_secret=w9t7t48g7Hgrant_type=refresh_tokenrefresh_token=6mh3cgqvc6d992fd45zc88ueundefined=undefined
    • Example Response:
      • “access_token”: ” “,
      • “token_type”: “bearer”,
      • “expires_in”: 3600,
      • “refresh_token”: ” “
    • Notes:
      • A new refresh token is issued along with the new access token
      • If the most recent refresh token is not included in the request, you will receive the following error:
        • “error”: “invalid_grant”,
          “error_description”: “Invalid refresh token”

Request Authentication

When making a request to any API method using OAuth 2.0 authentication, include the Access Token in the Request Header as an Authorization Bearer.

  • Examples:
    • Interactive API on
      • Request URL:
      • Request Header:
        • accept-encoding: identity
        • Authorization: Bearer [access token]
        • X-Originating-IP:
    • Postman
        • GET /v1/searchoauth HTTP/1.1
        • Host:
        • Authorization: Bearer [access token]
        • cache-control: no-cache

Next Steps

Contact us to schedule a demo and discuss integration options in detail.

If you’re a developer, join our Developer Program to learn more and begin using our interactive API.