CLIENT_ID and CLIENT_SECRET. Later, when moving to production, create a separate API key with live-only permission. Save this key’s CLIENT_ID and CLIENT_SECRET securely in your own production environment to interact with the Noyo API.
Once you have an API key, you can generate a short-lived access token (valid for ~10 minutes) using the CLIENT_ID and CLIENT_SECRET as the username/password combination in a Basic Authentication header.
Use the following curl snippet directly, or import it into API client software such as Postman:
ACCESS_TOKEN:
ACCESS_TOKEN in the Authorization header for each request you make to the Noyo API, like this request to get a list of groups for your organization in the sandbox:
200 response to confirm a successful call:
Authentication troubleshooting
For most authentication issues you will receive one of the following error messages. For any other issues, contact support@noyo.com.
Missing credentials
A JWT has not been supplied in the Authorization HTTP header. Ensure that the Authorization HTTP header reads Bearer <JWT>.
401 Unauthorized
Malformed JWT
The JWT has been truncated or altered in some way since it was originally acquired. Please double check the original HTTP response from accounts.noyo.com/auth/public/token.
401 Unauthorized
Expired token
The JWT has expired. We recommend requesting a new API token and re-attempting your original request. You can anticipate this issue by using the expires_in property returned along with any API token. The expires_in value is the number of milliseconds until the API token expires. A token refresh performed before that time could mitigate this issue.
401 Unauthorized
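One way to refresh ahead of expiry, as an added example (not Noyo's own code). The names basic_auth_header, TokenCache, fetch_token and margin_s, and the 60-second margin, are assumptions; the token request itself is left to a caller-supplied function that returns the token and its expires_in value.

```python
import base64
import time


def basic_auth_header(client_id, client_secret):
    """Build the Basic Authentication header value from an API key pair."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


class TokenCache:
    """Caches an access token and refreshes it shortly before it expires.

    fetch_token is a hypothetical caller-supplied function that performs the
    token request and returns (access_token, expires_in), with expires_in in
    milliseconds as described on this page.
    """

    def __init__(self, fetch_token, margin_s=60.0, clock=time.monotonic):
        self._fetch = fetch_token
        self._margin = margin_s      # assumed safety margin before expiry
        self._clock = clock          # monotonic: immune to wall-clock changes
        self._token = None
        self._deadline = 0.0

    def _refresh(self):
        token, expires_in_ms = self._fetch()
        if not token or expires_in_ms <= 0:
            raise ValueError("token response missing token or expires_in")
        lifetime_s = expires_in_ms / 1000.0
        # Never let the margin swallow the whole lifetime of a short token.
        margin = min(self._margin, lifetime_s / 2)
        self._token = token
        self._deadline = self._clock() + lifetime_s - margin

    def authorization_header(self):
        """Return 'Bearer <JWT>', refreshing first if the token is near expiry."""
        if self._token is None or self._clock() >= self._deadline:
            self._refresh()
        return "Bearer " + self._token

    def invalidate(self):
        """Call after a 401 so the next request fetches a fresh token."""
        self._token = None
```

Keep the CLIENT_SECRET and the cached token out of logs and error messages; only the header value returned by authorization_header() needs to leave the process.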