Compliance.ai Platform API OAuth 2.0 User Guide
Compliance.ai offers support for OAuth 2.0 Authentication for all of our API methods in the Compliance.ai developer API platform.
This guide provides the steps necessary to start using Compliance.ai’s Developer API with OAuth 2.0.
- Register once
- Authorize periodically (refresh token)
- Authenticate each time you call the API
Registration
A Client ID (API key) and Client Secret are generated once a user has registered an account and created a new application:
- If you haven’t already, register for an account on Compliance.ai’s developer platform by signing up here.
- Once you are logged in:
- Go to “My Account” on the top right of the screen
- Select the “Application” section
- Create a new application and add the following details:
- Application name
- Web page about the application
- Description
- When an application is created, the Compliance.ai team will review and approve the application.
- After approval, the application status will change to “active”
- The Client ID and Client Secret can be found under the “Keys” section of “My Account”, along with details of the API plan
- Client ID is also referred to as Key or API Key
- API Key / Client ID string will be 24 characters long
- Client Secret string will be 10 characters long
Authorization
An access token is issued, along with other parameters, in response to a well-formatted authorization request. Note that each authorization request counts towards the calls-per-day quota; Compliance.ai has accounted for 6 authorization-related requests per day in each of our API subscription plans.
- A successful response will include the following parameters:
- Access Token
- Token Type: bearer
- Time to Expiration: 3600
- Refresh Token
- Access Token string will be 24 characters long
- Refresh Token string will be 24 characters long
There are three ways to generate an access token to pass along in the header of the API request:
- Generating through I/O Docs on Compliance.ai Developer Platform
- Go to https://developer.compliance.ai/io-docs
- Select “OAuth 2.0 – Document Search API”
- Add in the Client ID and Client Secret
- Click “Get Access Token”
- Generating through API call directly
- Add in the following into the authorization request:
- URL – http://compliance.api.mashery.com/oauth2/token
- Grant Type – Client Credentials
- Client ID
- Client Secret
- Client Authentication – Basic Auth header
- Example of request and response using Postman:
- POST /oauth2/token HTTP/1.1
- Host: compliance.api.mashery.com
- Content-Type: application/x-www-form-urlencoded
- cache-control: no-cache
- Postman-Token: 2d3b1419-9273-454d-8261-dd926960bf88
- client_id=[]&client_secret=[]&grant_type=client_credentials
- Generating using Refresh Token
- Add the following to a POST request:
- URL – http://compliance.api.mashery.com/oauth2/token
- Body Type: x-www-form-urlencoded
- Grant Type: refresh_token
- Refresh Token
- Client ID
- Client Secret
- Example Request:
- POST /oauth2/token HTTP/1.1
- Host: compliance.api.mashery.com
- Content-Type: application/x-www-form-urlencoded
- cache-control: no-cache
- client_id=ysszm2yk7gp5r9ernuaurgcc&client_secret=w9t7t48g7H&grant_type=refresh_token&refresh_token=6mh3cgqvc6d992fd45zc88ue
- Example Response:
- "access_token": " ",
- "token_type": "bearer",
- "expires_in": 3600,
- "refresh_token": " "
- Notes:
- A new refresh token is issued along with the new access token
- If the most recent refresh token is not included in the request, you will receive the following error:
- "error": "invalid_grant",
- "error_description": "Invalid refresh token"
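Added example (not Compliance.ai's own code): a Python token cache that reuses the access token until shortly before its 3600-second expiry, stores the new refresh token issued with every renewal, and falls back to the client credentials grant on "invalid_grant", so that as few as possible of the daily authorization requests are spent. The `post` and `clock` parameters and the `FakeTokenEndpoint` class are assumptions made so the example runs offline; credentials are sent as form fields, as in the example requests above.

```python
import time

TOKEN_URL = "http://compliance.api.mashery.com/oauth2/token"  # URL as given in this guide

class TokenManager:
    """Caches the access token and rotates the refresh token on every renewal."""

    def __init__(self, client_id, client_secret, post, clock=time.time, skew=60):
        self.client_id, self.client_secret = client_id, client_secret
        self.post, self.clock, self.skew = post, clock, skew  # post/clock are injected (assumption)
        self.access = self.refresh = None
        self.expires_at = 0.0
        self.auth_calls = 0  # each one counts against the daily quota

    def _request(self, **grant):
        self.auth_calls += 1
        form = {"client_id": self.client_id, "client_secret": self.client_secret, **grant}
        return self.post(TOKEN_URL, form)

    def token(self):
        if self.access and self.clock() < self.expires_at - self.skew:
            return self.access  # still valid: no authorization request spent
        body = None
        if self.refresh:
            body = self._request(grant_type="refresh_token", refresh_token=self.refresh)
            if body.get("error") == "invalid_grant":
                body = None  # stale refresh token: fall back to client credentials
        if body is None:
            body = self._request(grant_type="client_credentials")
        if "error" in body:
            raise RuntimeError(body.get("error_description", body["error"]))
        self.access, self.refresh = body["access_token"], body["refresh_token"]
        self.expires_at = self.clock() + body["expires_in"]
        return self.access


class FakeTokenEndpoint:
    """Constructed stand-in for the token endpoint; only the newest refresh token is valid."""

    def __init__(self):
        self.n, self.current_refresh = 0, None

    def __call__(self, url, form):
        if form["grant_type"] == "refresh_token" and form["refresh_token"] != self.current_refresh:
            return {"error": "invalid_grant", "error_description": "Invalid refresh token"}
        self.n += 1
        self.current_refresh = f"refresh-{self.n}"
        return {"access_token": f"access-{self.n}", "token_type": "bearer",
                "expires_in": 3600, "refresh_token": self.current_refresh}
```

In a real client, `post` would wrap an HTTP library call that submits the form and returns the parsed JSON body.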
Request Authentication
When making a request to any Compliance.ai API method using OAuth 2.0 authentication, include the Access Token in the Request Header as an Authorization Bearer.
- Examples:
- Interactive API on Compliance.ai
- Request URL:
- https://api.compliance.ai/v1/searchoauth?[filters]
- Request Header:
- accept-encoding: identity
- Authorization: Bearer [access token]
- X-Originating-IP:
- Postman
- GET /v1/searchoauth HTTP/1.1
- Host: api.compliance.ai
- Authorization: Bearer [access token]
- cache-control: no-cache
Next Steps
Contact us to schedule a demo and discuss integration options in detail.
If you’re a developer, join our Developer Program to learn more and begin using our interactive API.