Access token

Access tokens are short-lived secrets used to authenticate with the API. They’re procured using long-lived API keys which are created via the Crunchy Dashboard.

For full details and examples on this exchange process, see authentication.

Part of the API reference collection

This page is part of the Crunchy Bridge API reference, and primarily meant to act as an exhaustive guide for technical integrations which are already in progress. To understand the basics of using the API, see API concepts and getting started.

The AccessToken API resource

Access token response.

Content type: application/json

Name Nullable Type Description
id string in EID format

The primary ID of the access token.

access_token string

The access token secret. This will be passed into the Authorization header when making subsequent API requests.

This field is only available when an access token is first created. It will contain a value of null when this API resource is returned from other endpoints.

account_id string in EID format

ID of the account which the access token belongs to.

api_key_id string in EID format

The ID of the API key which this access token is associated with.

created_at string of date/time formatted as RFC 3339

The time at which the access token was created.

expires_at string of date/time formatted as RFC 3339

The time at which the access token expires, after which a new access token will need to be procured.

token_type enum string

The type of token returned. Currently always bearer.

Enum bearer.

expires_in integer

The number of seconds until the access token expires, after which a new access token will need to be procured.

Deprecated: It’s generally preferable to use expires_at instead for simplicity’s sake.

Example

{
    "access_token": "cbats_H4sIAAAAAAAA_2TKTW6EIBQA4Lu8tSaKqAnn6Kob84Cngog_iFWa3r2Zmcxq9t8vGA0CcMDkZQitmpdU_1ivtwFJx3aGDHA13UR395ReqhBHl3RNZneqrmI1JnvdPX9IpZboj5eknjvpNpxOQmflfVrp-sTOiJCB2gkP0h0eIIAVjOVFkzP-VTaCVaLk35ABXavZKXya9m3-_gMAAP__2N6M378AAAA.MEUCIATMeSR2YnPuF-JaEjzeqBe0uj7461hpNfDzzyYR8_c3AiEAqaqypU-PsFt7camAjlBpHEGV32zOAJ_Xm4N128nNsqo",
    "account_id": "qvcw4hylovgyzbwzp53bmmlhga",
    "api_key_id": "ryexlkxpibfang6u7374faajfe",
    "created_at": "2021-07-11T01:02:03Z",
    "expires_at": "2021-07-11T02:02:03Z",
    "expires_in": 3600,
    "id": "rizcplozgfht7lhra5lbqebiru",
    "token_type": "bearer"
}

Create access token

Create a new access token.

Creation of access tokens is rate limited using a token bucket algorithm with an initial burst of 20 access tokens and a refill rate of 20 access tokens per hour per API key. So while it’s possible to create up to 20 access tokens immediately, subsequent requests for new tokens will need to wait about three minutes before they can succeed.

Access token creation is rate limited to curb the number of tokens that exist at any given time. The limit can generally be worked around by caching newly provisioned tokens and requesting new ones only as the previous ones expire.
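The caching approach described above, as an added example (not Crunchy Bridge's own code): a small cache that keeps one token and calls the creation endpoint again only when expires_at is near. The class name, the injected fetch_token callable (which would wrap POST /access-tokens), the 60-second skew and the token values in demo() are assumptions made for illustration.

```python
import threading
from datetime import datetime, timedelta, timezone


class AccessTokenCache:
    """Reuse one access token until shortly before its expires_at."""

    def __init__(self, fetch_token, skew_seconds=60, now=None):
        # fetch_token (assumed name): callable that performs POST /access-tokens
        # and returns the decoded AccessToken JSON as a dict.
        self._fetch = fetch_token
        self._skew = timedelta(seconds=skew_seconds)
        self._now = now or (lambda: datetime.now(timezone.utc))
        self._lock = threading.Lock()
        self._secret = None
        self._expires_at = None

    def get(self):
        with self._lock:  # serialise refreshes so threads do not each spend a token
            if self._secret is None or self._now() >= self._expires_at - self._skew:
                resource = self._fetch()
                if not resource.get("access_token"):
                    # The secret is null unless the resource comes from creation.
                    raise ValueError("response carried no access_token secret")
                # expires_at is RFC 3339; map a trailing Z for fromisoformat.
                self._expires_at = datetime.fromisoformat(
                    resource["expires_at"].replace("Z", "+00:00"))
                self._secret = resource["access_token"]
            return self._secret

    def authorization_header(self):
        return {"Authorization": "Bearer " + self.get()}


def demo():
    """Constructed offline run: fake clock, fake creation endpoint."""
    clock = [datetime(2021, 7, 11, 1, 2, 3, tzinfo=timezone.utc)]
    calls = []

    def fake_fetch():  # stands in for the real HTTP request
        calls.append(clock[0])
        expires = clock[0] + timedelta(hours=1)
        return {"access_token": "cbats_constructed_%d" % len(calls),
                "expires_at": expires.strftime("%Y-%m-%dT%H:%M:%SZ")}

    cache = AccessTokenCache(fake_fetch, now=lambda: clock[0])
    first = {cache.get() for _ in range(100)}      # 100 lookups, 1 token created
    clock[0] += timedelta(minutes=59, seconds=30)  # inside the 60 s skew window
    return len(first), cache.get(), len(calls)     # second get() refreshes once
```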

POST /access-tokens

Request

Request body schema

Content type: application/json

Name Required Type Description
client_secret string

The secret of the requesting client application. Usually obtained under the API keys section of account settings in the Bridge Dashboard.

client_id string in EID format

The ID of the requesting client application. Usually obtained under the API keys section of account settings in the Bridge Dashboard.

This field is optional if you have a newer style API key that has a secret prefixed with cbkey_. In that case, you only have to provide client_secret to this endpoint.

grant_type enum string

The grant type which the client application is using to acquire a new access token. Only a value of client_credentials is supported. This field may be omitted to use the default value of client_credentials.

Enum client_credentials.

Example request body

{
    "client_id": "jrop2tdfmjffvfq7aqmmdc6lsm",
    "client_secret": "IT_qM9o80pwp-dIPPRbQ8yql_BIrZznI4zobc7HIGUg",
    "grant_type": "client_credentials"
}

cURL example

curl -X POST https://api.crunchybridge.com/access-tokens \
    -H "Authorization: Bearer $CRUNCHY_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"client_id":"jrop2tdfmjffvfq7aqmmdc6lsm","client_secret":"IT_qM9o80pwp-dIPPRbQ8yql_BIrZznI4zobc7HIGUg","grant_type":"client_credentials"}'

Response

Status: 200

Responds with the standard AccessToken API resource.

Destroy access token

Delete an existing access token.

DELETE /access-tokens/{access_token_id}

Request

Path parameters

  • access_token_id: The primary ID of the access token to delete. Must belong to your account.

cURL example

curl -X DELETE https://api.crunchybridge.com/access-tokens/{access_token_id} \
    -H "Authorization: Bearer $CRUNCHY_ACCESS_TOKEN"

Response

Status: 200

Responds with the standard AccessToken API resource.