Requesting an access token

The Access Token is required in the header of every request to the API. You must request an Access Token which lasts for a limited amount of time. An Access Key is required to request a new Access Token, as per RFC7617.

Creating an access key

An Access Key is unique to your tenant and should be kept safe and used each time you need to request an Access Token.

The Access Key is made up of the Client Key and Client Secret combined...

E.g.

Copy 
Client Key = "12345678901234567890"
Client Secret = "abcdefghijklmnopqrs"

Combine as a single string separated by a colon ":"...

Copy 
12345678901234567890:abcdefghijklmnopqrs

Encoded with Base64 format to create the Access Key.

Copy 
MTIzNDU2Nzg5MDEyMzQ1Njc4OTA6YWJjZGVmZ2hpamtsbW5vcHFycw==

Online Tool for Base64 Encoding (opens in a new window/tab)

This encoded string can be decoded to retrieve the Client Key and Client Secret so must be kept safe.

Requesting an access token

The Access Token is requested using your Access Key. The token is short lived and can change each request for security.

Copy 
 curl -X POST https://api.iris.co.uk/oauth2/v1/token \
   -H "Content-Type: application/x-www-form-urlencoded" \
   -H "authorization: Basic <access_key>" \
   -d "grant_type=client_credentials"

The response from IRIS will be a JSON message containing the following:

Copy 
 {
      "access_token": "4gYpTokCeSHyIdMJFv84jY5yrzKO",
      "expires_in": "3599",
      "scope": "",
      "token_type": "Bearer"
   }