Obtain access token

curl --request POST \
  --url https://api.routera.io/oauth2/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=your-client-id \
  --data client_secret=your-client-secret

{
  "access_token": "<string>",
  "expires_in": 123,
  "token_type": "Bearer"
}

POST

oauth2

token

Obtain access token

curl --request POST \
  --url https://api.routera.io/oauth2/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=your-client-id \
  --data client_secret=your-client-secret

{
  "access_token": "<string>",
  "expires_in": 123,
  "token_type": "Bearer"
}

Endpoint

POST https://api.routera.io/oauth2/token

Route: /oauth2/token
Content-Type: application/x-www-form-urlencoded

This endpoint does not return a refresh token. When expires_in elapses, call this endpoint again with the same client credentials.

Request body

All parameters are sent as form fields (application/x-www-form-urlencoded). client_id and client_secret are required.

Parameter	Required	Description
`grant_type`	Yes	Must be `client_credentials`
`client_id`	Yes	Your API client id
`client_secret`	Yes	Your API client secret

Example

curl -X POST 'https://api.routera.io/oauth2/token' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET'

Alternative: HTTP Basic

You may also send credentials in the Authorization header instead of the form body:

Authorization: Basic base64(client_id:client_secret)

When using Basic auth, the body still requires grant_type=client_credentials.

Response

200 — Token issued

{
  "access_token": "eyJraWQiOi...",
  "expires_in": 3600,
  "token_type": "Bearer"
}

Use access_token on subsequent requests:

Authorization: Bearer eyJraWQiOi...

Errors

Status	When
`400`	Missing or invalid `grant_type`
`401`	Invalid `client_id` or `client_secret`

Error responses follow the standard OAuth 2.0 format (error, error_description).

Next step

After obtaining a token, see API introduction for object routes and response format.

Body

application/x-www-form-urlencoded

Requires grant_type, client_id, and client_secret as application/x-www-form-urlencoded fields.

grant_type

enum<string>

default:client_credentials

required

Must be client_credentials

Available options:

client_credentials

client_id

string

required

API client id (required)

Example:

"your-client-id"

client_secret

string<password>

required

API client secret (required)

Example:

"your-client-secret"

Response

Access token issued

access_token

string

required

JWT access token — use as Authorization: Bearer on API routes

expires_in

integer

required

Token lifetime in seconds

token_type

enum<string>

required

Available options:

Bearer

API introduction List contacts

​Endpoint

​Request body

​Example

​Alternative: HTTP Basic

​Response

​Errors

​Next step

Body

Response

Endpoint

Request body

Example

Alternative: HTTP Basic

Response

Errors

Next step