🔐 Authentication

Token-Based Authentication

The Public API uses JWT (JSON Web Token) authentication. Start here to obtain an access token before calling other endpoints.

Authentication Flow

Your App          Adaptria API
   │                    │
   │  POST /api/credentials/token
   │  {clientId, clientSecret}
   │ ──────────────────▶│
   │                    │
   │  {accessToken, expiresIn}
   │ ◀──────────────────│
   │                    │
   │  GET /api/public/v1/rfqs  │
   │  Authorisation: Bearer <token>
   │ ──────────────────▶│
   │                    │
   │  {data: [...]}     │
   │ ◀──────────────────│

Using Authentication

All Public API endpoints require authentication using a Bearer token.

Authorisation Header Required

Include the token in the Authorisation header (note the British English spelling with 's'):

Header

Value

Authorisation

Bearer <your_access_token>

Important: Use Authorisation (with 's'), not Authorisation (with 'z').

Token Lifetime: 1 hour (3600 seconds)

Auto-Refresh: Implement automatic token refresh in your integration to maintain uninterrupted access.

🔐 Generate Access Token

post

Authentication Entry Point

This endpoint is your first step to accessing the Adaptria Public API. Exchange your API credentials for a time-limited access token.

Prerequisites

Before calling this endpoint, you need API credentials generated from the Adaptria Portal:

Option A: Client User Self-Service

Log in to the Adaptria Portal as a Client User
Navigate to Settings → API Credentials
Click Generate New Credentials
You'll receive a clientId and clientSecret

Option B: Admin Creates for Client User

Contact your Adaptria administrator to generate API credentials for your account. Administrators can create credentials through the Admin → Client User Management section in the Adaptria Portal.

Authentication Flow

┌─────────────────┐     POST /api/credentials/token     ┌─────────────────┐
│   Your System   │ ─────────────────────────────────▶ │  Adaptria API  │
│                 │    { clientId, clientSecret }       │                 │
│                 │ ◀───────────────────────────────── │                 │
└─────────────────┘     { accessToken, expiresIn }      └─────────────────┘
        │
        │  Use accessToken in Authorisation header
        ▼
┌─────────────────────────────────────────────────────────────────────────┐
│  All other API calls: Authorisation: Bearer <accessToken>              │
└─────────────────────────────────────────────────────────────────────────┘

Token Lifecycle

Validity: 1 hour (3600 seconds)
Renewal: Request a new token before expiration
Revocation: If credentials are revoked, existing tokens become invalid immediately

Security Best Practices

⚠️ Never expose your clientSecret in client-side code
🔄 Implement automatic token refresh before expiration
🔒 Store credentials in secure environment variables
📝 Monitor for 401 Unauthorised responses and refresh tokens accordingly

Authorizations

AuthorizationstringRequired

Authorisation Header Required

JWT access token obtained from POST /api/credentials/token

How to authenticate:

Generate API credentials from the Adaptria Portal
Exchange credentials for a token: POST /api/credentials/token
Include the token in all requests using the Authorisation header: Authorisation: Bearer <token>

Important: Use Authorisation (British English spelling with 's'), not Authorisation (American spelling with 'z').

Token Expiration: 1 hour (3600 seconds)

Body

clientIdstring · min: 1Required

Your unique client identifier provided when API credentials were generated.

This ID uniquely identifies your application and is used together with the client secret to authenticate API requests.

Format: adaptria_<timestamp>_<random>

Example: adaptria_1733836800000_abc123def456

clientSecretstring · min: 1Required

Your confidential client secret provided when API credentials were generated.

⚠️ Security Warning: Keep this secret secure! Never expose it in client-side code, public repositories, or logs.

Best Practices:

Store in environment variables or secure vaults
Rotate periodically
Never commit to version control

Example: sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Responses

200

Token generated successfully

application/json

successboolean · enumRequiredPossible values:

messagestringOptional

400

Missing required fields

401

Invalid or expired credentials

application/json

post

/api/credentials/token

POST /api/credentials/token HTTP/1.1
Host: staging.api.locate.studiographene.co.uk
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 108

{
  "clientId": "adaptria_1733836800000_abc123def456",
  "clientSecret": "sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}

{
  "success": true,
  "data": {
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjcmVkZW50aWFsSWQiOiIxMjM0NTY3OC0xMjM0LTEyMzQtMTIzNC0xMjM0NTY3ODkwYWIiLCJjbGllbnRJZCI6ImxvY2FyaWFfMTczMzgzNjgwMDAwMF9hYmMxMjNkZWY0NTYiLCJ1c2VySWQiOiI5ODc2NTQzMi05ODc2LTk4NzYtOTg3Ni05ODc2NTQzMjEwZmUiLCJlbWFpbCI6ImFwaUBleGFtcGxlLmNvbSIsInJvbGVDb2RlIjoiY2xpZW50IiwiY29tcGFueUlkIjoiYWJjZGVmMTItYWJjZC1hYmNkLWFiY2QtYWJjZGVmMTIzNDU2IiwiaWF0IjoxNzMzODQwMDAwLCJleHAiOjE3MzM4NDM2MDB9.signature",
    "tokenType": "Bearer",
    "expiresIn": 3600,
    "expiresAt": "2025-12-11T11:00:00.000Z"
  },
  "message": "text"
}

PreviousIntroduction Next🏢 Companies

Last updated 1 month ago

Good afternoon

hashtagToken-Based Authentication

hashtagAuthentication Flow

hashtagUsing Authentication

hashtag🔐 Generate Access Token

hashtagAuthentication Entry Point

hashtagPrerequisites

hashtagAuthentication Flow

hashtagToken Lifecycle

hashtagSecurity Best Practices

Authorisation Header Required

Token-Based Authentication

Authentication Flow

Using Authentication

🔐 Generate Access Token

Authentication Entry Point

Prerequisites

Authentication Flow

Token Lifecycle

Security Best Practices