Retrieve OAuth Token
The OAuth 2.0 API provides a secure, standards‑based mechanism for authenticating applications that integrate with API People APIs. It ensures that only authorized applications can initiate API calls—protecting your data and our system integrity.
The API issues short‑lived access tokens (valid for 3600 seconds) in exchange for your client_id and client_secret. These tokens are used to authorize API calls across API People services.
Credentials are passed over TLS, never stored in application code, and rotated regularly to maintain your security posture.
Retrieve your Token
To retrieve your OAuth 2.0 authorization token, send a request to the OAuth 2.0 API. The request can be in either URL‑Encoded or application-json format. See the examples below.
URL-Encoded:

POST /oauth2/token HTTP/1.1
Host: apim.workato.com
Authorization: Basic ${Base64(<CLIENT_ID>:<CLIENT_SECRET>)}
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials

application-json:

POST /oauth2/token HTTP/1.1
Host: apim.workato.com
Content-Type: application/json

{
"grant_type": "client_credentials",
"client_id": "<CLIENT_ID>",
"client_secret": "<CLIENT_SECRET>"
}
A successful response returns a JSON object with your access token details as in the example below.
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "bearer",
"expires_in": 3600
}
The table below describes the response parameters:
| Parameter | Description |
|---|---|
| access_token | Bearer token to include in API requests. |
| token_type | Always bearer. |
| expires_in | Token lifetime in seconds (usually 3600). |
Now you can include your bearer token in the Authorization header of API requests:
curl -X GET 'https://example-url.com/payments/credits' \
-H 'Authorization: Bearer <ACCESS_TOKEN>'
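
The flow above as an added Python example (not API People's own code): it builds the URL-Encoded token request, reuses the token while it is valid, and fetches a new one shortly before the 3600-second lifetime ends. The environment variable names, the `TokenCache` class and the 60-second refresh margin are assumptions made for this example.

```python
import base64
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://apim.workato.com/oauth2/token"  # host and path from the page


def build_token_request(client_id, client_secret):
    """Build the URL-Encoded client_credentials request shown above."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })


def fetch_token(client_id, client_secret):
    """POST over HTTPS (urllib verifies the certificate by default); parse the JSON."""
    req = build_token_request(client_id, client_secret)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Reuse a token until shortly before expires_in elapses, then fetch a new one."""
    def __init__(self, fetch, skew=60, clock=time.monotonic):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._expires_at = None, 0.0

    def authorization_header(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at:
            reply = self._fetch()
            if str(reply.get("token_type", "")).lower() != "bearer":
                raise ValueError("unexpected token_type in token response")
            self._token = reply["access_token"]
            # Refresh `skew` seconds early so no request carries an expired token.
            self._expires_at = now + int(reply["expires_in"]) - self._skew
        return {"Authorization": f"Bearer {self._token}"}


if __name__ == "__main__":
    # Hypothetical variable names; credentials come from the environment, not the code.
    cid, secret = os.environ["APIPEOPLE_CLIENT_ID"], os.environ["APIPEOPLE_CLIENT_SECRET"]
    cache = TokenCache(lambda: fetch_token(cid, secret))
    print(sorted(cache.authorization_header()))  # header names only, never the token
```

Pass the dictionary returned by `authorization_header()` as the headers of each API call, and keep the token itself out of logs and error messages.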