v3 onwards, we’ve simplified the authentication process by removing the need for API keys. Instead, authentication is now handled through a token-based system. Below is a step-by-step guide on how to authenticate and manage session tokens in this new version.

Getting An Access Token

To authenticate, you need to obtain an access token using your email and password. The endpoint POST /v3/auth/token allows you to exchange your credentials for an access token, a refresh token, and an expiry time.

Example Request

POST /v3/auth/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: ..

username=user@example.com&password=yourpassword

Example Response

{
  "access_token": "eyJhbGciOi...",
  "refresh_token": "def456gh...",
  "expires_in": 3600
}

You should have a system in place that reuses the access token until the expiry time has been met and then use the refresh token to request a new. Refresh tokens do expire so you should fallback to username and password should refresh token fail.

Refreshing Tokens

When your access token expires, you can use the refresh token to get a new access token without needing to log in again. The endpoint POST /v3/auth/refresh will provide a new access token, refresh token, and expiry time.

Example Request

POST /v3/auth/refresh HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: ..

refresh_token=def456gh...

Example Response

{
  "access_token": "eyJhcGcifi...",
  "refresh_token": "def126gh...",
  "expires_in": 3600
}