Authentication

ExpertFile expects an access token to be included in all API requests to the server in a header that looks like the following:

Create token.

POST https://public-api.expertfile.com/oauth/token

You can find your Client ID and Client Secret in Settings->Integrations inside ExpertFile dashboard. The url is: https://expertfile.com/dashboard/settings/integrations.

Response

  data: {
    accessToken: '<ACCESS CODE>',
    accessTokenExpiresAt: '2024-06-24T16:10:43.457Z',
    client: '<CLIENT ID>',
    user: <ORG ID>,
    scope: true
  },
  success: true
}

Code

const data = new URLSearchParams();

data.append('client_id', '<YOUR CLIENT ID>');
data.append('client_secret', '<YOUR CLIENT SECRET>');
data.append('grant_type', 'client_credentials');

fetch('https://public-api.expertfile.com/v2/oauth/token', {
    method: 'POST',
    headers: {
        'Content-Type': 'application/x-www-form-urlencoded'
    },
    body: data
})
.then(response => response.json())
.then(json => {
    const { success, data } = json

    if (success) {
        const { accessToken, accessTokenExpiresAt } = data
        console.log('Token used to sign requests for data', accessToken)
    }

})
.catch(error => console.error(error));

$client_id = urlencode('<YOUR CLIENT ID>');
$client_secret = urlencode('<YOUR CLIENT SECRET>');
$grant_type =  'client_credentials';

$params =
    [
        'client_id' => $client_id,
        'client_secret' => $client_secret,
        'grant_type' => $grant_type
    ];

$url = 'https://public-api.expertfile.com/v2/oauth/token';

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));

$response = curl_exec($ch);
$json = json_decode($response);

if ($json->success) {
    var_dump('Token used to sign requests for data', $json->data->accessToken);
}

curl_close($ch);

curl -X POST \
  https://public-api.expertfile.com/v2/oauth/token \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d 'client_id=<YOUR_ID>&client_secret=<YOUR_SECRET>&grant_type=client_credentials'

Good to know: You'll be required to sign all requests for data using the token received in this response. Tokens are valid for 30 days, so you may want to store the token for reuse and avoid making repeat calls for a new token.

PreviousAPI Reference NextExperts

Last updated 6 months ago