Skip to main content

Authentication

Create your account

First, you need to create a manager account on this page.

OAuth2 Resource Owner Password Flow

To access our API, request an OAuth application from our support team.

Use your account credentials to obtain an access token via the OAuth2 Resource Owner Password Flow.

This access token will enable secure authentication and interaction with our API.

Request an OAuth Application

To access our API, you’ll need an OAuth application: Submit your registration here.

Once your request is approved, we will provide you with the following:

  • Client ID: A unique identifier for your application.
  • Client Secret: A secret key that you’ll use to authenticate.

Obtain an Access Token

After receiving your Client ID and Client Secret, use them along with your account's username and password to request an access token from our authorization server.

To obtain the token, send a POST request to the /oauth2/token/ endpoint with the following information:

  • grant_type: Set this to password.
  • username: Your manager account's username.
  • password: Your manager account's password.
  • client_id: The unique client ID we provided.
  • client_secret: The secret key we provided.

Here's an example request:

POST /oauth2/token/ HTTP/2
Host: account.insiders.live
Content-Type: application/x-www-form-urlencoded

grant_type=password&username=YourUsername&password=YourPassword&client_id=YourClientId&client_secret=YourClientSecret

Receive Your Access Token

If your credentials are correct, the authorization server will return an access token. Use this token to authenticate API requests.

Example response:

{
    "access_token": "YourAccessToken",
    "expires_in": 36000,
    "token_type": "Bearer",
    "scope": "all",
    "refresh_token": "YourRefreshToken"
}

You will get useful authentication information:

  • access_token: The token you’ll use for API authentication in order to get raw data.
  • expires_in: The token's validity period in seconds (10 hours).
  • refresh_token: A token used to get a new access token without logging in again.

Refreshing Your Access Token

When your access token expires, you can use the refresh_token provided in the response to request a new access token without re-authenticating. Contrary to the access token, the refresh token does not expire.

Send another POST request to the /oauth/token endpoint, using the refresh_token grant type.

POST /oauth2/token/ HTTP/2
Host: account.insiders.live
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token&refresh_token=YourRefreshToken&client_id=YourClientId&client_secret=YourClientSecret

OAuth2 Authorization Code Flow (deprecated)

We no longer recommend using the OAuth2 Authorization Code Flow.

If you believe this flow better suits your needs, please contact us at support-api@insiders.live.