Authentication
Ensure no spooky stuff happens
To interact with the Prio API, you must authenticate using OAuth 2.0. Upon onboarding, you will receive a client_id and client_secret, which you will use to obtain an access token.
Getting an Access Token
Use the client_credentials grant type to request an access token. Once obtained, the token must be included in the Authorization HTTP header for all subsequent API requests:
If the Authorization header is missing or the token is invalid, the request will be rejected with an appropriate error message. A 400 Bad Request or 403 Forbidden response will be returned depending on the scenario.
Important: Access tokens have an expiration time. Once expired, a new token must be requested. Multiple tokens can be active at the same time. To minimize unnecessary traffic and latency, only request a new token when the current one has expired.
We strongly recommend using a reputable OAuth 2.0 library for your programming language to handle token management and HTTP header injection automatically. Avoid implementing this logic manually.
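The reuse rule above, sketched with only the Python standard library as an added example (not Prio's code): a cache that requests a new token only once the current one is about to expire, and drops it after a rejection. The token URL is a placeholder, and sending credentials via HTTP Basic, the expires_in field and the Bearer scheme are assumptions taken from RFC 6749/6750 rather than from this page; in production an OAuth 2.0 library does the same job.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Placeholder, NOT Prio's real token endpoint (the page does not state it).
TOKEN_URL = "https://auth.example.invalid/oauth/token"


def fetch_token(client_id, client_secret, token_url=TOKEN_URL):
    """POST a client_credentials grant and return the parsed JSON body."""
    if urllib.parse.urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must use HTTPS")  # never send the secret in clear
    q = urllib.parse.quote_plus
    # Assumption: credentials go in HTTP Basic (RFC 6749 section 2.3.1).
    basic = base64.b64encode(f"{q(client_id)}:{q(client_secret)}".encode()).decode()
    req = urllib.request.Request(
        token_url,
        data=urllib.parse.urlencode({"grant_type": "client_credentials"}).encode(),
        headers={"Authorization": f"Basic {basic}"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hold one access token and refresh it only when it is about to expire."""

    def __init__(self, fetch, clock=time.monotonic, skew=30):
        self._fetch = fetch   # callable returning {"access_token": ..., "expires_in": ...}
        self._clock = clock   # injectable so expiry can be tested without sleeping
        self._skew = skew     # refresh this many seconds before the stated expiry
        self._token = None
        self._expires_at = 0.0

    def token(self):
        if self._token is None or self._clock() >= self._expires_at:
            body = self._fetch()
            self._token = body["access_token"]
            self._expires_at = self._clock() + float(body.get("expires_in", 0)) - self._skew
        return self._token

    def invalidate(self):
        """Drop the cached token, e.g. after the API rejects it with 403."""
        self._token = None

    def headers(self):
        # Assumption: the token is presented with the Bearer scheme (RFC 6750).
        return {"Authorization": f"Bearer {self.token()}"}
```

Wire it up as TokenCache(lambda: fetch_token(client_id, client_secret)), loading the credentials from a secret store or environment variable rather than from source code.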
Security Guidelines
HTTPS Required: All API requests must be made over HTTPS. Requests over plain HTTP will be rejected.
Authentication Required: All API requests must include a valid access token. Requests without authentication will fail.
Token Revocation: If a token is deactivated or otherwise invalidated, the API will return a 403 Forbidden response.
Key Management: Your API credentials (client_id and client_secret) must be kept confidential. You are fully responsible for all activity conducted using your credentials.
Compromised Keys: If you suspect your credentials have been exposed or misused, immediately contact us to revoke access and regenerate credentials.