Credentials
Access to the API requires authentication using OAuth2-based credentials. In order to access the API, you will need to register as a user. A user is typically an organization that will use the API to receive data about the portfolio. The same credentials can be used by any sub-user within the organization. Multiple tokens can be concurrently issued for the same user.
Contact api@epic.foundation to register your organization as a user.
Requesting an access token
Users should begin any interaction with the API by requesting a new token. This can be done by calling:
POST: /oauth2/get-token
Parameter | Value |
---|---|
grant_type | "client_credentials" |
client_id | Your client ID |
client_secret | Your client password |
Access tokens are typically valid for 1 hour.
The response to this call will be either:
{
"access_token":"35f197156f655e3103e874853b286d79568502c0",
"expires_in":3600,
"token_type":"Bearer",
"scope":"organization-basic"
}
or if you forget the grant type:
{
"error":"invalid_request",
"error_description":"The grant type was not specified in the request"
}
or if your credentials are not recognized:
{
"error":"invalid_client",
"error_description":"The client credentials are invalid"
}
Subsequently, if you forget to include a token in an API call, you will get the error:
{
"readyState": 4,
"responseText": "",
"status": 500,
"statusText": "error"
}
The scope field may contain multiple values depending on the scope of your user credentials. The token_type and scope fields can be ignored.
Every subsequent call to the API must contain the parameter access_token with the provided access token as a value. If an access_code is not present on an API request, the HTTP response will be set to 401 (Unauthorized). All other errors are handled with HTTP response 200.
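Because errors can come back with HTTP 200, a client has to read the JSON body rather than trust the status code, and because tokens last about an hour it should reuse one instead of requesting a new token per call. The following is an added example, not code from the API's own documentation: `TokenCache`, `parse_token_response`, `http_post_form` and the 60-second refresh margin are hypothetical, and sending the parameters form-encoded in the POST body is an assumption.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

TOKEN_PATH = "/oauth2/get-token"  # endpoint named on this page


class TokenError(Exception):
    """Token request failed; the message never contains the client secret."""


def http_post_form(url, fields):
    # Assumption: parameters are sent form-encoded in the POST body.
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode(), method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as exc:
        return exc.code, exc.read().decode()


def parse_token_response(status, body):
    # Errors may arrive with HTTP 200, so the JSON body decides, not the status.
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if not isinstance(doc, dict):
        raise TokenError(f"unparseable token response (HTTP {status})")
    if "error" in doc:
        raise TokenError(f"{doc['error']}: {doc.get('error_description', '')}")
    token, ttl = doc.get("access_token"), doc.get("expires_in")
    if not isinstance(token, str) or not token or not isinstance(ttl, int):
        raise TokenError("token response lacks access_token or expires_in")
    return token, ttl


class TokenCache:
    def __init__(self, base_url, client_id, client_secret,
                 post=http_post_form, clock=time.monotonic, skew=60):
        self.url = base_url.rstrip("/") + TOKEN_PATH
        self.fields = {"grant_type": "client_credentials",
                       "client_id": client_id, "client_secret": client_secret}
        self.post, self.clock, self.skew = post, clock, skew
        self.token, self.expires_at = None, 0.0

    def get(self):
        # Reuse the cached token until `skew` seconds before it expires.
        if self.token is None or self.clock() >= self.expires_at:
            token, ttl = parse_token_response(*self.post(self.url, self.fields))
            self.token, self.expires_at = token, self.clock() + max(ttl - self.skew, 0)
        return self.token
```

Load the client ID and secret from the environment or a secret store rather than from source code, and keep the returned token out of logs.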
Example
Click on the "Get Token" button to get a test OAuth2 token.