Authentication
Resly’s Open API requires secure authentication to access its endpoints. This guide walks you through the steps to authenticate your requests and manage access tokens effectively.
Prerequisites
Before you begin, ensure you have:
- A Resly Account ID.
- A valid API key. The API key is tied to your account and has predefined scopes determining which endpoints you can access.
Base URLs
Production Environment: https://api.resly.com.au
Test Environment: https://test.api.resly.com.au
Use the appropriate base URL depending on your environment.
Step 1: Retrieve an Access Token
The first step in accessing the Resly Open API is retrieving an access token. This token is required for all subsequent API requests and is valid for 24 hours.
Endpoint
- URL: /token
- Method: POST
- Headers: Content-Type: application/json
- Body (JSON):
{
"accountId": "<your-account-id>",
"key": "<your-api-key>"
}
Example Request
curl -X POST https://api.resly.com.au/token \
-H "Content-Type: application/json" \
-d '{
"accountId": "your_account_id",
"key": "your_api_key"
}'
Example Response
If successful, the API returns a JSON object containing the access token and its expiration details:
{
"success": true,
"token_type": "Bearer",
"message": "Authentication successful.",
"token": "eyJhbGciOiJIUzI1NiIsIn...",
"expires_in": 86400
}
- token: The token to use in subsequent API requests.
- expires_in: The time (in seconds) until the token expires.
Note: Store the access token securely and ensure it is refreshed before it expires.
Step 2: Access API Endpoints
Once you have an access token, include it in the Authorization header for all API requests.
Header Format
Authorization: Bearer <access-token>
Example Request
Here’s an example of using the access token to call a protected endpoint:
curl -X GET https://api.resly.com.au/endpoint \
-H "Authorization: Bearer your_access_token"
Step 3: Understand Scopes
Some API endpoints require specific scopes for access. The scope determines which actions the token can perform. These scopes are predefined when the API key is generated.
Checking Scope Permissions
Ensure your API key has the necessary scope for the endpoint you wish to access. If a request is denied due to insufficient scope, you may need to generate a new API key with the required permissions.
Best Practices
- Token Security: Never expose your access token in public repositories or client-side code.
- Token Refresh: Automate token refreshes to prevent disruptions in your application. Remember, tokens are valid for 24 hours.
- Scope Management: Use the principle of least privilege when generating API keys. Only enable scopes you need.
- Error Handling: Handle token expiration errors gracefully by detecting 401 Unauthorized responses and triggering a token refresh.
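The Token Refresh and Error Handling practices above can be combined in one client that caches the token, renews it before the 24-hour expiry, and retries once after a 401. This is an added example, not Resly's own code: the ReslyClient class, the http_json transport, the clock and skew parameters, and the 5-minute refresh margin are assumptions, and /endpoint is the placeholder path used in this guide.

```python
import json
import time
import urllib.error
import urllib.request

BASE_URL = "https://test.api.resly.com.au"  # test environment from this guide


def http_json(method, url, headers, body=None):
    """Default transport: send JSON over HTTPS, return (status, parsed body or None)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"null")
    except urllib.error.HTTPError as err:
        return err.code, None  # the error body is not parsed


class ReslyClient:
    """Hypothetical helper: caches the token, refreshes early, retries once on 401."""

    def __init__(self, account_id, key, transport=http_json,
                 clock=time.monotonic, skew=300):
        self._creds = {"accountId": account_id, "key": key}
        self._send, self._clock, self._skew = transport, clock, skew
        self._token, self._expires_at = None, 0.0

    def _fetch_token(self):
        status, body = self._send("POST", BASE_URL + "/token",
                                  {"Content-Type": "application/json"}, self._creds)
        if not body or not body.get("success"):
            # Report only the status; never echo the key or the response body.
            raise RuntimeError(f"token request failed (HTTP {status})")
        self._token = body["token"]
        # Refresh `skew` seconds before the server-side expiry (assumed margin).
        self._expires_at = self._clock() + body["expires_in"] - self._skew

    def request(self, method, path, body=None):
        for attempt in range(2):
            if self._token is None or self._clock() >= self._expires_at:
                self._fetch_token()
            headers = {"Authorization": f"Bearer {self._token}"}
            if body is not None:
                headers["Content-Type"] = "application/json"
            status, payload = self._send(method, BASE_URL + path, headers, body)
            if status != 401 or attempt == 1:
                return status, payload
            self._token = None  # 401: discard the cached token and retry once
```

Load the account ID and API key from the environment or a secrets manager when constructing the client, so neither value is committed to a repository.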
Troubleshooting
- 401 Unauthorized:
  - Check if your access token is valid and unexpired.
  - Ensure the token has the correct scope for the endpoint.
- 400 Bad Request:
  - Verify your request body and headers are correctly formatted.
- 403 Forbidden:
  - Confirm that your API key’s scope includes the requested endpoint.
By following these steps, you’ll be able to authenticate and interact with Resly’s Open API effectively.
Updated 4 months ago