Authentication and Authorization


This page explains how to authenticate and authorize to:

- the ServiceChannel API
- the ContractorTools API

Authentication and Authorization to the ServiceChannel API

We use the OAuth 2.0 protocol for authentication and authorization. Two grant types are supported: authorization code and resource owner password credentials.

Note: Check the OAuth 2.0 official portal and OAuth 2.0 Authorization Framework document to learn more about this protocol.

Follow this guide to learn how to authenticate your app and access the ServiceChannel API.

Authorization steps

Note: To obtain authorization in the Production environment, use the https://login.servicechannel.com/oauth/token endpoint instead of https://sb2login.servicechannel.com/oauth/token which refers to the Sandbox2 environment.

Step 1. Register Your App

Register your application to get client_id, client_secret, and callback URI.
See App Registration for detailed instructions.

Step 2. Encode App Credentials

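Encode your application OAuth credentials so that you can send them in the Authorization header in the next step. Combine your client_id and client_secret, separate them with a colon :, and Base64 encode the combined values. Base64 is a reversible encoding, not encryption, so protect the encoded string the same way you protect client_secret.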

To encode client_id and client_secret:

  1. Open any base64 encoder, for example, base64encode.org.
  2. Insert client_id:client_secret into the field, and click ENCODE. Here is an input example:

      SB.2014917243.70943550-9974-41E7-8B38-CA8C8C024262:1C600CB7-4D24-4787-BB3E-ACD2B2FBF745
    

    Important: Make sure there are no spaces or other unnecessary characters in the input field.

  3. Save the encoded string — you will need it in the next step. This is our output example:

      U0IuMjAxNDkxNzI0My43MDk0MzU1MC05OTc0LTQxRTctOEIzOC1DQThDOEMwMjQyNjI6MUM2MDBDQjctNEQyNC00Nzg3LUJCM0UtQUNEMkIyRkJGNzQ1
    

Step 3. Obtain Authorization

Choose between two grant types to obtain authorization:

Resource Owner Password Credentials

Use this grant type when you have the resource owner credentials: username and password for the ServiceChannel account. Exchange these credentials for access_token.

Request access_token

Important: To get a successful response, send the resource owner password credentials (username and password) only in the body of the request.

To get access_token, send a POST request:

POST /oauth/token

| Header | Value | Note |
|---|---|---|
| Authorization | Basic {encoded client_id:client_secret} | Replace with your encoded client_id:client_secret |
| Content-Type | application/x-www-form-urlencoded | |

| Parameter | Parameter type | Value | Note |
|---|---|---|---|
| username | Body | SC-Dev1 | Replace with your username |
| password | Body | servicechannel1 | Replace with your password |
| grant_type | Body | password | |

Example request:

POST https://sb2login.servicechannel.com/oauth/token HTTP/1.1
Authorization: Basic U0IuMjAxNDkxNzI0My43MDk0MzU1MC05OTc0LTQxRTctOEIzOC1DQThDOEMwMjQyNjI6MUM2MDBDQjctNEQyNC00Nzg3LUJCM0UtQUNEMkIyRkJGNzQ1
Content-Type: application/x-www-form-urlencoded

username=SC-Dev1&password=servicechannel1&grant_type=password

Example response:

{
   "access_token": "AAEAAI44ctDQrQ007-wz-r0IyNgUCgz1QAaqbYqhmh30LuOfccRds-OLhwVPg4LDm2m4VR_OIoKiqJzOa8BRPb00pYqZikB11pRP71ttkp6oi6urPYwzT09wJKkXkfc6kT1z5888K7TtEhI3WjUF-rg_LLhQSDswsgfuulDXuKSy6dBVlIdpTf8hxRjiPSPvdJh8djuG-jPTXiss6XIo6RYMi35koX1wSPpRo6xwydpDHLpY6MztSbcjeqoYKmdYk8mP8SpOwQZjZRkdvBre88oyIuIbbtn9Letu-4V4JZygY5vgkrdbXAK7bZnRtUE06i8D9z0XAmOrmpKSlYjcaSnY1wv0AQAAAAEAAAJLJPJwWr7YwN7yv6LkOAydQqsfYFta5wFgcFZR0P8qXXGIHp6lt3HFVmGFXWeXOR_6ny6jPaKxop9uEyCl_v2pYWdLebcOaS1KZhpJVqA-b17e3ZFwKTtr3fdXw2mPo5NYsQCRPPGpxphCjcQI_bsidXHsZpiVdYGtQrVdkcZcDxoN1mkwzKWnrjsFPFHKIU251AUmRZYgLcjKhAqYy-0E7Gg5mKwcHL0D2_UUie4om1CHaLBiyHQnVWbSZ5ccjllh2SWxtuiuQI4IM0z_8IuZrVKh3KarMjBeSGsWAKELnGUvoZUahPq5tsQrdph8U1gAhyeoJg3HshXlXI3szX-0bMXqm0r4px4Hz58xSDR6W_SPnbefZwp_lD-dUlDewbdaOMGY32zgZlpz8dF3zOkTkdOQShpDjO_egktdj_zX0k9VH1N_TgGfZWtb_40ihvvydDncycwvieITRc3r29mxjdo65bPl0diJYMhKRVnr-hd9ZBQQtEdBwvMPq0hNbokXaIsFy9tyy5v7f-O4ozulAcjTcbzeU1K6zbPX5HPIvfb3YtyqOGDDp-YbiH7bHkZlM6_s56zXEJKF0h37VR66lBuFHcRwe1coaSjI2-REv4PqqFYd5qrOocyhwvAlJrY8gU5LWBAIISC0aTE5pl8",
   "token_type": "bearer",
   "expires_in": 600,
   "refresh_token": "gDoX!IAAAABzoOUZoBUUClEEOpCf3xYKU55aGu3FaKPg5hxqkwPTN0QAAAAF73mjZxMcbK5vEoV0NxWzyvZf360UzacuRN-J5KWmL6gQYVwwMy6xR7bzMGm7AbNJtL52ydc2vKXIj3D5dqILIHFZfoI0igTlvwkYtvChkCAh-ocRRGqTVb2n2KKvhUFTZnrTInMG5K313YPdPP21yPUJIF442VabkkRrADN2X6rrlZGIe9vKtJfUnnJdMRs-TvsGQLBulBNx5FxvFlj1sWB92wE2L-ns_OKyMDT0p0f3EoBVsH2rgtrSiX7JVgGAFoCUA3LZO_y-fGE4deLJq"
}

Response code: HTTP/1.1 200 OK

The response body contains access_token that you need to authorize calls to the ServiceChannel API.
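
Step 2 and the password-grant request can be done without pasting client_secret into a website. The Python below is an added example, not ServiceChannel's own code: it encodes the credentials locally, rejects the stray whitespace the page warns about, and builds the request with the user's credentials only in the form body. The function names are assumptions, and nothing is sent over the network.

```python
import base64
from urllib.parse import urlencode
from urllib.request import Request

TOKEN_URL = "https://sb2login.servicechannel.com/oauth/token"  # Sandbox2 (from the page)
# Example credentials published on this page.
CLIENT_ID = "SB.2014917243.70943550-9974-41E7-8B38-CA8C8C024262"
CLIENT_SECRET = "1C600CB7-4D24-4787-BB3E-ACD2B2FBF745"


def basic_auth_header(client_id, client_secret):
    """Return 'Basic <base64(client_id:client_secret)>', computed locally."""
    for name, value in (("client_id", client_id), ("client_secret", client_secret)):
        # The page's warning: spaces or newlines silently change the encoding.
        if not value or any(ch.isspace() for ch in value):
            raise ValueError(f"{name} is empty or contains whitespace")
    if ":" in client_id:
        # The first colon is the separator, so client_id cannot contain one.
        raise ValueError("client_id must not contain ':'")
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic(header):
    """Reverse the encoding: anyone who sees the header recovers the secret."""
    raw = base64.b64decode(header.split(" ", 1)[1]).decode("utf-8")
    client_id, _, client_secret = raw.partition(":")
    return client_id, client_secret


def password_grant_request(client_id, client_secret, username, password):
    """Build, without sending, the POST /oauth/token request for the password grant."""
    # urlencode() escapes '&', '=', '+' and spaces inside the credentials,
    # which a hand-concatenated body gets wrong.
    body = urlencode(
        {"username": username, "password": password, "grant_type": "password"}
    )
    return Request(
        TOKEN_URL,  # no credentials in the URL or query string
        data=body.encode("ascii"),
        headers={
            "Authorization": basic_auth_header(client_id, client_secret),
            "Content-Type": "application/x-www-form-urlencoded",
        },
        method="POST",
    )


if __name__ == "__main__":
    req = password_grant_request(CLIENT_ID, CLIENT_SECRET, "SC-Dev1", "servicechannel1")
    print(req.get_method(), req.full_url)
    print(req.get_header("Authorization"))
    print(req.data.decode("ascii"))
```

Because decode_basic() recovers both values from the header, keep the encoded string out of logs, tickets and source control.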

Authorization Code

You can use this grant type even when you don’t have the resource owner credentials — username and password for the ServiceChannel account.

With the authorization code grant type, the resource owner is redirected to the authorization server where they sign in using the ServiceChannel credentials. After that, they are redirected to your app callback URI.

The URI contains authorization_code that you exchange for access_token.

Request authorization_code

To obtain authorization_code, send a GET request to the authorization endpoint. You can use your browser address bar to issue this request, but omit the GET verb.

GET /oauth/authorize

| Parameter | Parameter type | Value | Note |
|---|---|---|---|
| redirect_uri | Query | https://sb2api.servicechannel.com/swagger/ui/o2c-html | Replace with your callback URI. Omit this parameter when your app has no callback URI. |
| client_id | Query | SB.2014917243.70943550-9974-41E7-8B38-CA8C8C024262 | Replace with your client_id |
| response_type | Query | code | |

Example request:

GET https://sb2login.servicechannel.com/oauth/authorize?response_type=code&client_id=SB.2014917243.70943550-9974-41E7-8B38-CA8C8C024262&redirect_uri=https://sb2api.servicechannel.com/swagger/ui/o2c-html

If you are not logged in, a login form appears. Either you or the resource owner should enter the ServiceChannel credentials. If you are already logged in, you get a response URL immediately.

Response URL:

https://sb2api.servicechannel.com/swagger/ui/o2c-html?code=Lb2H%21IAAAAA-4jDlLGC_GkcYuc-oF61TQEeTYfrAqJgCJJnUX0hOpEQEAAAHqhLXHbUVvfJL6F6CQW7NrQ_BKwRuMg0F6ps_UWukICIwLWEieo4rEyqOwQ3gnKwsmQR31XId4BNqLuIZaZyJH1e_T1PITXGUnXFsWrvfpK1Ie6PNdSZ3gI6f8Ekmw9MHudKdnrHN_Cjpcx6TcIJiMoWXg6bq4NZsRtQsBdwBcJka65HEq4v0KBzdP4BBZbSh2H774QEj55hEuMAhQ3aCfCy1chLRIk768oA6QNXnSB3qMTZFA6jv7jus1x6riK6oICAr2Y4gVi6M5sSEBrPsFtKwi7HkP9jHEk4US_7fo5nA0m8PTKkCkm2FQW8TwSv4G69OYSN-xyTI_mAxRFTKcBNHWAr7wN5bfPud_4X3rQQ

In the response URL, the value of the code parameter is the authorization_code. Exchange it for access_token in the next step.

Request access_token

To get access_token, send a POST request to the token endpoint:

POST /oauth/token

| Header | Value | Note |
|---|---|---|
| Authorization | Basic {encoded client_id:client_secret} | Replace with your encoded client_id:client_secret |
| Content-Type | application/x-www-form-urlencoded | |

| Parameter | Parameter type | Value | Note |
|---|---|---|---|
| code | Body | {authorization_code} | Replace with your authorization_code |
| redirect_uri | Body | https://sb2api.servicechannel.com/swagger/ui/o2c-html | Replace with your callback URI. redirect_uri is required when included in the authorization request described above. |
| grant_type | Body | authorization_code | |

Example request:

POST https://sb2login.servicechannel.com/oauth/token HTTP/1.1
Authorization: Basic U0IuMjAxNDkxNzI0My43MDk0MzU1MC05OTc0LTQxRTctOEIzOC1DQThDOEMwMjQyNjI6MUM2MDBDQjctNEQyNC00Nzg3LUJCM0UtQUNEMkIyRkJGNzQ1
Content-Type: application/x-www-form-urlencoded

code=Lb2H%21IAAAAA-4jDlLGC_GkcYuc-oF61TQEeTYfrAqJgCJJnUX0hOpEQEAAAHqhLXHbUVvfJL6F6CQW7NrQ_BKwRuMg0F6ps_UWukICIwLWEieo4rEyqOwQ3gnKwsmQR31XId4BNqLuIZaZyJH1e_T1PITXGUnXFsWrvfpK1Ie6PNdSZ3gI6f8Ekmw9MHudKdnrHN_Cjpcx6TcIJiMoWXg6bq4NZsRtQsBdwBcJka65HEq4v0KBzdP4BBZbSh2H774QEj55hEuMAhQ3aCfCy1chLRIk768oA6QNXnSB3qMTZFA6jv7jus1x6riK6oICAr2Y4gVi6M5sSEBrPsFtKwi7HkP9jHEk4US_7fo5nA0m8PTKkCkm2FQW8TwSv4G69OYSN-xyTI_mAxRFTKcBNHWAr7wN5bfPud_4X3rQQ&redirect_uri=https%3A%2F%2Fsb2api.servicechannel.com%2Fswagger%2Fui%2Fo2c-html&grant_type=authorization_code

Example response:

{
   "access_token": "AAEAAJgjGpJR6jsG6PTTftfdzAgHWyjk1tHlMByAkGeSkpXbFH2Vn3KcHL1_E4Rb8gzAdjg9h4vw_2DTM4uStcAvrEkqCXG52M_CqmBDoLj-Vf_0CmkBCb7EY_9TOsmkmBGMV5UVpVcY-Y-PcD43ERowTG6kJTkJON1wW7O_HZ2SP2Ytmra19B-xugHjvD5u1cnYNy_6D4dhnGv4or4om7CYkCud1diuWT_Fdn9AJebe59JI76LfIZdgIajxg5A4a3wFmivaXHcfaCwfTsSaMS5CWGl3NiqoDV3O_DxNVjY5Q6PryUYF9rcYt5DVtgJmD10aAy4YMUKrLqhKUqzwhhm_K7n0AQAAAAEAAE03VevSRiUWsasi0DqGf2XTw3H8vv21xkaHR-a8Si88BFxtLUVZ3yEyhPQHHEkiLdZ5DRvouRFZKbwkvHBxoTps9G2Nr37uvxr2Q3dr1YuIZ3DiAd5NQpkC1CYvMCatU6zlvkCHfD30JnaOPsfslYKleDjqgqx4tFJ_6bjes3FlaEp6vzKVwDCjuaGOqoL-oiqvW8jeBMrL2g4kGv-W3Braez7XvIraICe2CU0aov58oEc2-JBebCLTpQY_8tz71qgJvfAXlXyFZk0VM-fXaouO35D2zUoAM5PP8gGlqwWtGM6rVOCPqzBGWXO7lFjQz2nB_QruEDhpBWIjPvR3kFy5BtIK_ywPvDJp3Z4Nt6UcGZYXksO83mEutPuS7YMMzTaieBKR4xgF7xADJc8GpHgRUo8mqpDnE9-IPbflI9EXKjU4p0GXrwMz-0yFfngznppqcZAcvwKn8q6dfo1OrHSENfoBDyyQNM6dryIEJqCiZT5T3f3rkxmsLP6H1ObQg43rB-mheKv_MpKZNQEFd1ebc1-Fdxy1lAiRH_nI7FyaKzcdhdygh76jXWmL2oFD2o7nhLek2Rd498gJ9607ACU4qyH2uulu-bXyKlWkacru1VnRlBudcLNCgjHshIJAOmxutawWF6_ISV75mDZc_rk",
   "token_type": "bearer",
   "expires_in": 600,
   "refresh_token": "3jPA!IAAAAMF2jCy4zdK3l6poWtscY5eTX6FkCo1yh3zHItJwdw1u0QAAAAFA9TDXPBCHjw2QX5T4MmgbiYceT66uDKl_S-ZVIyasVo6DCTCbUjBQlgrpquZtVwSqRjCTJM8ioY9oRd5H5OlcR4s6JgWJGIhBRCQMiLR9dPfUoJgp7EBG7KTeqazV2vtKnUoPdTU-g8m6A7txg3Wq-DpfnTIX83sWViQ32zo6E7FT56x3iU4jDUPL9Ls7Wy7Hx6SM7lg80qhLF8PZOMIqVqt53g9p4UQlj1jZ8rCMBIN_EeHP1jr2ZbU4_SmSekHxtsFmCZnMfjrdjt2T0jbV"
}

Response code: HTTP/1.1 200 OK

The response body contains access_token that you need to call our API.
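
The code arrives percent-encoded in the response URL (%21 stands for !) and has to be encoded exactly once more in the token request body. The Python below is an added example, not ServiceChannel's own code: it accepts a code only from the registered callback, decodes it, and builds the exchange body. The function names are assumptions, the sample callback is constructed, and the error parameter it checks is the standard OAuth 2.0 error response rather than something this page documents.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Callback URI from the page's example; replace with the one you registered.
REDIRECT_URI = "https://sb2api.servicechannel.com/swagger/ui/o2c-html"
AUTHORIZE_URL = "https://sb2login.servicechannel.com/oauth/authorize"  # Sandbox2


def authorize_url(client_id, redirect_uri=REDIRECT_URI):
    """Build the GET /oauth/authorize URL with every value percent-encoded."""
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri})
    return f"{AUTHORIZE_URL}?{query}"


def code_from_callback(callback_url, expected_redirect_uri=REDIRECT_URI):
    """Return the decoded authorization_code from the URL the browser lands on."""
    got, want = urlsplit(callback_url), urlsplit(expected_redirect_uri)
    # Accept a code only when it was delivered to the registered callback.
    if (got.scheme, got.netloc.lower(), got.path) != (
            want.scheme, want.netloc.lower(), want.path):
        raise ValueError("callback URL does not match the registered redirect_uri")
    params = parse_qs(got.query, strict_parsing=True)
    if "error" in params:  # standard OAuth 2.0 error response (RFC 6749, 4.1.2.1)
        raise PermissionError(params["error"][0])
    codes = params.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("expected exactly one non-empty code parameter")
    return codes[0]  # parse_qs has already turned %21 back into '!'


def exchange_body(code, redirect_uri=REDIRECT_URI):
    """Form body for POST /oauth/token; urlencode() encodes each value once."""
    return urlencode({"code": code, "redirect_uri": redirect_uri,
                      "grant_type": "authorization_code"})


# Constructed callback URL: same shape as the page's example, shortened code.
SAMPLE_CALLBACK = REDIRECT_URI + "?code=Lb2H%21IAAAAA-4jDlLGC_constructed"

if __name__ == "__main__":
    code = code_from_callback(SAMPLE_CALLBACK)
    print(code)
    print(exchange_body(code))
```

Passing the still-encoded value from the address bar to exchange_body() produces %2521 in the body, which the token endpoint will not recognize as the issued code.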

Step 4. Access Our API

To call our API, you must include the Authorization header with the value Bearer {access_token} in each API request. Unauthorized calls will fail and result in a 401 Unauthorized error.

A sample request to get information on the work order #12345678 might look like this:

GET https://sb2api.servicechannel.com/v3/workorders/12345678 HTTP/1.1
Authorization: Bearer AAEAAI44ctDQrQ007-wz-r0IyNgUCgz1QAaqbYqhmh30LuOfccRds-OLhwVPg4LDm2m4VR_OIoKiqJzOa8BRPb00pYqZikB11pRP71ttkp6oi6urPYwzT09wJKkXkfc6kT1z5888K7TtEhI3WjUF-rg_LLhQSDswsgfuulDXuKSy6dBVlIdpTf8hxRjiPSPvdJh8djuG-jPTXiss6XIo6RYMi35koX1wSPpRo6xwydpDHLpY6MztSbcjeqoYKmdYk8mP8SpOwQZjZRkdvBre88oyIuIbbtn9Letu-4V4JZygY5vgkrdbXAK7bZnRtUE06i8D9z0XAmOrmpKSlYjcaSnY1wv0AQAAAAEAAAJLJPJwWr7YwN7yv6LkOAydQqsfYFta5wFgcFZR0P8qXXGIHp6lt3HFVmGFXWeXOR_6ny6jPaKxop9uEyCl_v2pYWdLebcOaS1KZhpJVqA-b17e3ZFwKTtr3fdXw2mPo5NYsQCRPPGpxphCjcQI_bsidXHsZpiVdYGtQrVdkcZcDxoN1mkwzKWnrjsFPFHKIU251AUmRZYgLcjKhAqYy-0E7Gg5mKwcHL0D2_UUie4om1CHaLBiyHQnVWbSZ5ccjllh2SWxtuiuQI4IM0z_8IuZrVKh3KarMjBeSGsWAKELnGUvoZUahPq5tsQrdph8U1gAhyeoJg3HshXlXI3szX-0bMXqm0r4px4Hz58xSDR6W_SPnbefZwp_lD-dUlDewbdaOMGY32zgZlpz8dF3zOkTkdOQShpDjO_egktdj_zX0k9VH1N_TgGfZWtb_40ihvvydDncycwvieITRc3r29mxjdo65bPl0diJYMhKRVnr-hd9ZBQQtEdBwvMPq0hNbokXaIsFy9tyy5v7f-O4ozulAcjTcbzeU1K6zbPX5HPIvfb3YtyqOGDDp-YbiH7bHkZlM6_s56zXEJKF0h37VR66lBuFHcRwe1coaSjI2-REv4PqqFYd5qrOocyhwvAlJrY8gU5LWBAIISC0aTE5pl8

Step 5. Regenerate an Access Token

All things must pass: your access_token expires after a time period set in the expires_in property of the POST /oauth/token response. The time period is set in seconds.

Use the refresh_token that you received in the POST /oauth/token response to generate a new access token.

POST /oauth/token

| Header | Value | Note |
|---|---|---|
| Authorization | Basic {encoded client_id:client_secret} | Replace with your encoded client_id:client_secret |
| Content-Type | application/x-www-form-urlencoded | |

| Parameter | Parameter type | Value | Note |
|---|---|---|---|
| refresh_token | Body | {refresh_token} | Replace with your refresh_token |
| grant_type | Body | refresh_token | |

Example request:

POST https://sb2login.servicechannel.com/oauth/token HTTP/1.1
Authorization: Basic U0IuMjAxNDkxNzI0My43MDk0MzU1MC05OTc0LTQxRTctOEIzOC1DQThDOEMwMjQyNjI6MUM2MDBDQjctNEQyNC00Nzg3LUJCM0UtQUNEMkIyRkJGNzQ1
Content-Type: application/x-www-form-urlencoded

refresh_token=gDoX!IAAAABzoOUZoBUUClEEOpCf3xYKU55aGu3FaKPg5hxqkwPTN0QAAAAF73mjZxMcbK5vEoV0NxWzyvZf360UzacuRN-J5KWmL6gQYVwwMy6xR7bzMGm7AbNJtL52ydc2vKXIj3D5dqILIHFZfoI0igTlvwkYtvChkCAh-ocRRGqTVb2n2KKvhUFTZnrTInMG5K313YPdPP21yPUJIF442VabkkRrADN2X6rrlZGIe9vKtJfUnnJdMRs-TvsGQLBulBNx5FxvFlj1sWB92wE2L-ns_OKyMDT0p0f3EoBVsH2rgtrSiX7JVgGAFoCUA3LZO_y-fGE4deLJq&grant_type=refresh_token

Example response:

{
   "access_token": "AAEAAHvK-kwaKbCqmYDQHuO19TZe9NQShKmJG-qnbaHKrfDFcmP16QovG7h_OFi8MIcRukRtnk7tHnvj-7GQcTuBMKalJ9FDg7jIin2VHtSvyXuw776LZwTNjjkUsPK2QLoYycifItymdSeCdA8TwBL9VGN9UvRt2gIG2UG-jngEfOjOkcEPR9tKIL_1DxO3atUEYkkCTRG7zF-VdogR65O0QI2Jct5ITx08YOnKKCujxSo0nXwbeE3WeGXDi4ihcNuJBIyFR144-n5i7RuRNtppDZ3gC_IUJgt4t9iVMW8yDBZJq_wpZPQ7vc8OLLuQwVrFtfkQpFBVJPDoPXOZtHTuvij0AQAAAAEAABx1d35baq8RalnPYAzQ3vcRX7wMCelLNgXpwvUOMNqxzIWP5cxqjK2n58OAq1EDc9OuazT66qmZGpVg5bLLFRi1MI3lp0yCuruxyJznTG97syB_F23nQRgBwYZB9l6DX3dzlG_H2dWB7lEZ7reNTEq2TuFZBsyTlHoY3_1WEqE8mRWWgM3muZV6raEbSkXc0SDTFdAhTK5lPpnKuN30YFbrKtBrnPMsElCVBgBzz7rhABKK6IVNpHVEQCrKf7i5QHN2Ax__g4QcJF9ywx4ccLSFs2zyvODjUzjoJjW5QrW6Bc9VUXmUA39Eu_5O6OKUHAsdnnN72AF8K_xH6YLrjeCiyh4bHlio2ALUS1ksuY9ZHqH63j47JOk24L5L4CWQFhTl4pUlPGiudVHCwQGrUCvLiuxyOzJqrqdNbdG3e1tE1QxwqU4Dd4pCsU-CC6Fks-ETGR18gCqYjjTZBdYy4SKnqeAdfc7mmx7J3jwwW1F2oLHwgE0Er6bkxneLSG0nko9ZAERSZSQfsDR3a67pUvqFiWV58p0n6v4yfUrBuBvFu0uoOZCqP4CvaAXKXw1ux_1St3gQffscFWRv1rJc4eWpeKq7j_WeVWNdejR6L_9FLSGJ2M5Eop9P1g1wBrpZ--fiJo0foC3ewZ_PIGGGchU",
   "token_type": "bearer",
   "expires_in": 600,
   "refresh_token": "3jPA!IAAAAHuPywUyJIaMixVP4uspyXD366mBM5LP1HeqNpKVjMGS0QAAAAFFQXPuyfdaP6X3SOefZpabP6_NhBN59w7lbYNTbixVH7MlH-mQ9YaQcwvYe4sdNDvj_PVfOWDHFQvTSR763yPyJJ9KQGfbf1xsbvqcUCja6ewZ1S-LktGqbew2RzwC3LsU88zXRchRgSm6ZG7Jq2s38FNj_5w8ocKCXG0G2pYs08gtj6TusH45uafhpOt4QZjLWpLTXv_nHKD97gBI_7RlPJzxXYln34K5Avb7bBRnlOEzB9pVMoHb8EWy2MiDdzEez5koXYuVP30uzREwXrIY"
}

Response code: HTTP/1.1 200 OK

The response body contains access_token that you need to call our API.
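
With expires_in at 600 seconds, a long-running client refreshes often, and the refresh response above returns a new refresh_token each time. The Python below is an added example, not ServiceChannel's own code: a small cache that refreshes shortly before expiry and always stores the newest refresh_token. TokenCache, post_form and the 30-second margin are assumptions, and the endpoint in demo() is a constructed in-memory stand-in.

```python
import time


class TokenCache:
    """Keep the current access_token and refresh it shortly before it expires.

    post_form is a hypothetical transport, callable(path, form) -> parsed JSON
    of the token response. It is injected so the logic runs offline; a real
    one would send the Basic Authorization header described in Step 2.
    """

    def __init__(self, post_form, token_response, clock=time.monotonic, skew=30):
        self._post_form = post_form
        self._clock = clock
        self._skew = skew  # seconds of safety margin before expires_in runs out
        self._refresh = None
        self._store(token_response)

    def _store(self, resp):
        self._access = resp["access_token"]
        # The refresh response on this page carries a new refresh_token:
        # replace the stored one, and keep the old one only if none came back.
        self._refresh = resp.get("refresh_token") or self._refresh
        self._expires_at = self._clock() + int(resp["expires_in"])

    def authorization_header(self):
        """Return 'Bearer <access_token>', refreshing first if it is about to expire."""
        if self._clock() >= self._expires_at - self._skew:
            if not self._refresh:
                raise RuntimeError("no refresh_token available; repeat Step 3")
            form = {"refresh_token": self._refresh, "grant_type": "refresh_token"}
            self._store(self._post_form("/oauth/token", form))
        return "Bearer " + self._access


def demo():
    """Drive the cache with a constructed in-memory endpoint and a fake clock."""
    now, seen = [0.0], []

    def fake_post(path, form):  # constructed stand-in for POST /oauth/token
        seen.append(form["refresh_token"])
        n = len(seen)
        return {"access_token": f"access-{n}", "token_type": "bearer",
                "expires_in": 600, "refresh_token": f"refresh-{n}"}

    first = {"access_token": "access-0", "token_type": "bearer",
             "expires_in": 600, "refresh_token": "refresh-0"}
    cache = TokenCache(fake_post, first, clock=lambda: now[0])
    headers = [cache.authorization_header()]  # t=0 s: token still valid
    now[0] = 571.0                            # inside the 30 s margin: refresh
    headers.append(cache.authorization_header())
    now[0] = 1142.0                           # second token near expiry: refresh
    headers.append(cache.authorization_header())
    return headers, seen
```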

Authentication and Authorization to the ContractorTools API

We use JWT tokens of the Bearer type for authorization to the ContractorTools API. No grant types are required.

Follow these steps to learn how to authenticate your app and access the ContractorTools API:

Step 1. Register Your App

Register your application to get client_id, client_secret, and callback URI. See App Registration for detailed instructions.

Step 2. Encode App Credentials

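Encode your application credentials so that you can send them in the Authorization header in the next step. Combine your client_id and client_secret, separate them with a colon :, and Base64 encode the combined values. Base64 is a reversible encoding, not encryption, so protect the encoded string the same way you protect client_secret.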

To encode client_id and client_secret:

  1. Open any base64 encoder, for example, base64encode.org.
  2. Insert client_id:client_secret into the field, and click ENCODE. Here is an input example:
       SB.2014917243.70943550-9974-41E7-8B38-CA8C8C024262:1C600CB7-4D24-4787-BB3E-ACD2B2FBF745
    

    Important: Make sure there are no spaces or other unnecessary characters in the input field.

  3. Save the encoded string — you will need it in the next step. This is our output example:
       U0IuMjAxNDkxNzI0My43MDk0MzU1MC05OTc0LTQxRTctOEIzOC1DQThDOEMwMjQyNjI6MUM2MDBDQjctNEQyNC00Nzg3LUJCM0UtQUNEMkIyRkJGNzQ1
    

Step 3. Obtain Authorization

Request access_token

Important: The maximum expiration time of the access token is 4 hours. For subscriber users this value can be lower, in which case it equals the Inactivity Timeout value from the Admin settings.

To get access_token, send a POST request:

POST /jwt/token

| Header | Value |
|---|---|
| Authorization | Basic U0IuMjAxNDkxNzI0My43MDk0MzU1MC05OTc0LTQxRTctOEIzOC1DQThDOEMwMjQyNjI6MUM2MDBDQjctNEQyNC00Nzg3LUJCM0UtQUNEMkIyRkJGNzQ1 |
| Content-Type | application/x-www-form-urlencoded |

| Parameter | Parameter type | Value | Note |
|---|---|---|---|
| username | Body | TestApi1 | Replace with your username |
| password | Body | TestApi123 | Replace with your password |

Example request:

POST https://sb2login.servicechannel.com/jwt/token HTTP/1.1 
Authorization: Basic U0IuMjAxNDkxNzI0My43MDk0MzU1MC05OTc0LTQxRTctOEIzOC1DQThDOEMwMjQyNjI6MUM2MDBDQjctNEQyNC00Nzg3LUJCM0UtQUNEMkIyRkJGNzQ1 
Content-Type: application/x-www-form-urlencoded 

username=TestApi1&password=TestApi123

Example response:

{ 
    "access_token": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwidHlwIjoiSldUIn0..N-P-KwibW-8vf0K8qV-L_Q.6I1XjUY1kgwW__6Z7oSRRKuW93ss31oc1n5kP-0gDmHpnVxNGd9j84k9hN5QNGXfx_-kP-evcYaEE7ayEGvMdfkCILZToLQKqrMtBJk_xM9sfjXcol1ccn0B6adsEmO7jpJkSHmaecHa0aHQvQBwc3wg2y59ET2yX9jQwrwd8A73oHJKcWpHtwGLN7qUGwK1gUj0rNCVJehUx7QQNdT1HaNFn0WjKVHj91gzCGdQuGg09hVGRNBdeg-mqyjTnd_Z3AlPCL5omMD4tG2npvpa1lwjaR70kce09La6tbLqGwIq5QP_T9P_HA0Rbf1oTGdOJ68iCGhmVIHN_Qy2Umn1Bv1wRi0FgV3zfiuLMrkBxPPwl1n11oQjR0meybbvG2Visv5HzcEVaOfZFokyqQi2lDP5uq0DVBax601QegFjefe08EjluAa6WB8w8m_uFZdOqau9G7aqjjLJy3uACfFugKItN20fuANJ3sRL-y7LI0sTUcpzWTNr0USr0fY6lt_6BYMvUmJa2efxZCMEMTkDCmOZzu3DDbarU689LfQc8TN4cglkaDHZz796OJvCNfMHnCZyz_FgVl1wAyfmb314HE1YnwDXKaFpCAyY1uW4W-8pS_jPyeOygMUManJyqWTF3toJr7ATSwv_43SRkw9BEUzbS1LtuTeZFsPrKbef4u4ycW7iZPGNraIknwOD1Y-o2fp5G7Q288G28oawJRyF26Q0WvQWnvQna4Vp99r4tu3ijd0RI4yA4KzqQdX68hxthCuzGFkl-lk_KbJPlLZwJ8CNXYKGLruAEYmXtwSAHBjOtLD533votlz3kHeYmNBrrb1vV7iS4Qs5MneuowATqV_h7e_aqwWl_-gKQeS2Ib_FuvxuzZbZ5mhIpVt9dcI1UFo0iRKY2TBFrVp9zTPjXOpOWDRArNEpYS2ZK0F7-ZTnWhheZehWX8-kK5znxGHxXBVjG6DJipXt6kGFrPpbyRoBrIQCOjgDdEBo7-g0xoVJ9y7RXt79wRBNxKAzFR9sdiODb99IIzzC3hHI0In6JjKO0_pM9n2a81XDw-f3CZXg5KNvAchn2hXsNnBN08MIR4W2byf-IlkF9f7PkPx61fR7CrDpYLk6_SP4u7sFRzAStmuJn6VW09Ra_NHxZ2HF6a9qmyHj3I-vG__ZeGYcHRHUQPIz0c9mtlqPkHqkDl3rDMmMC9wH7zwhkuGl1jDaNoloL4hP1cKXxAhsru-EH5aDhGadujiHx2us3PzD4o_ntxLvaEpk0XuNGdiL8YViU4UWLkj1SLef-4HA1otU494dWOcxbIDVvRnqmObuUrvSZ5fTiTMUoXbNjNqXxeLBT3jsYce3d-n188u-e1Nin169F8TSQGOMGe8fXDfagPGt-pci1rPW6OLfo-qEIyXBIDvvuYkBO74C16rmjwxuU7JGRfToi_3XVnxawAS4PNTtUHagF24taFglDyKXYjNVoavCdbFJZKf-3nHRDhVx_pL75tKsSMs-EQ2a7L5uFsqmIZBJ-syhy_xKBnV0bGs4RQGqauQlCRLEo9X25gZr7aYDjd8gWFSeArIxtDCKLtx_gUXULE_p8PXqv3rupDPnyNiN8ZDJxIBYvNG9bQhJ_a763fTIUyyn7QV6K1BdczOiQqPo8UHBjcpfuZ6d5m-cgvt8jW2E4Sg2bCmTSWNJ96jEAIa_MWxnA9AwqjkxLjSnU4fhJaXfZ3OXQYDvZbGOHf_zrBqDHp-v3nx6A97dX8slwiqrfa9YC4y0SNHO_j3t8sfxWNWcoFRQ12TocsQhzvBWyZZokeAinvN2qZBmTVrr3mzTam4avIqSzrPoUaX47X_Vm6xKBT3V2yyKQokuSGxUz63GNNR4XBoMsnzNw_--PfERpBHmJL8hFk3AcpaiwL6Ww1-0lJcZbAfLM9ok1BCf8uKgNcE44SS37-LfAw.e6NeSYchzJ8FUd_4sWn-bQ",
    "refresh_token": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwidHlwIjoiSldUIn0..abKyyDIauW9vQmadpPJXyA.lptlcV8dqVHMW07E0IMZRQHyPHMHA6XEvimmozh1Ab5Xh9bzgb2_JccQVT7Aha_4_dlNZPUkwkD31DgHDcB9bKMM3A5cqVdpWZwgeBbPjDCGFdwLpwnlBbcWCqR3kxMbukgbj7CktPn-W4nQ8n7wc40HaU9RChnsQak-lpsSaLagojnjktUZTRd5VdvbLSeRkUIF-Vhzzaw9JrxPfOaL7e8zEr922Z5jjvRozgxulWtRcDWkM3FUMen4Q5AkOCgnLq3G2N_6UpYShHPtGoVCtnIP7QkaxP2-AZjPEOvz5gdciI170CXm5FqR1hFv5FXPZXOldaIAdAqrQu6tX7TUQ3Kuatx0NKz4g8vR7twp2NL5zk7ajnt-nY2lwjeEsqGlWxDsYfgFYC3qh8VZw8XZIWK4vEfajgQV5REJcODqao5lgG5Sh3ywfBw_yvXZro-U7Ve-HR5H3BovA4dqBf5uDjz0DCWAVFy1IdCXFldeAKR89Q6VEN3kBPAAXx1ovQu8cimpdYz351qibAIwAjulXU66KGLrBRxdrBULHdIN7R04DnKNha_CAjvimJAg6eCVEBWG61PbHdX2-ynHY6Jkgfv749gOnX0D4dRRNHqP3OgWKHAHfPTGEvMuwE03sFf51TlLddLWTUYSunN2DkncUck-BFZfLn6e6KJEFn9sAIFgmqugm2IKLMAK03FMusn2DZmQP88zSdYV7wdQ8J6CkAS9RN_R2ZZgwEwAFZUP54ebWvhT2_bAFeA3AfKVLnLtPgu5oMJwpTdqR9KcSTC9DBMo6b89Psx7W6lSmioXY7vfUF0SABYYAWqQgsG6Kv7QzECcH4ToLgoU5hnS-P9HkFFTeyYHITtIuD-2BVzKl7WBYPRDTcow1tFCj0g8pK7rfUzaK0JJMxi061kWOZ_QSylUPj2YDXJNxyWvWAQV1ydFUiYW8NCMw7ahmQYypgNawdTzKngHiMxxgsLsIS3EVQ.fad_c5Zt0b-OWPoIF7_xmw",
    "token_type": "jwt",
    "expires_in": 14400 
} 

Response code: HTTP/1.1 200 OK

The response body contains access_token that you need to authorize calls to the ContractorTools API.
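
The example access_token above has five dot-separated parts and a header that decodes to alg "dir" with enc "A128CBC-HS256", which makes it an encrypted JWT (JWE) rather than a signed one. The Python below is an added example, not ServiceChannel's own code: it classifies a compact token from its header and derives the expiry from expires_in, since a client cannot read claims inside a JWE. The function names are assumptions, and the sample token reuses the page's header and IV with constructed ciphertext and tag parts.

```python
import base64
import json

MAX_LIFETIME = 4 * 60 * 60  # the page's stated maximum for access_token, in seconds


def b64url_decode(segment):
    """Decode an unpadded base64url segment of a compact JWT."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def describe_token(token):
    """Classify a compact token as JWS (3 parts) or JWE (5 parts) from its header."""
    parts = token.split(".")
    if len(parts) not in (3, 5):
        raise ValueError("not a compact JWS or JWE")
    header = json.loads(b64url_decode(parts[0]))
    is_jwe = len(parts) == 5
    return {
        "kind": "JWE" if is_jwe else "JWS",
        "alg": header.get("alg"),
        "enc": header.get("enc"),
        # With alg "dir" the encrypted-key part is empty, hence ".." in the token.
        "direct_key": is_jwe and parts[1] == "",
        # A JWE payload is ciphertext: the client cannot read exp or other claims.
        "claims_readable_by_client": not is_jwe,
    }


def expires_at(token_response, issued_at):
    """Expiry from expires_in, the only lifetime a client of an encrypted token has."""
    lifetime = int(token_response["expires_in"])
    if not 0 < lifetime <= MAX_LIFETIME:
        raise ValueError("expires_in outside the documented 4-hour maximum")
    return issued_at + lifetime


# Protected header and IV copied from the page's example access_token;
# the ciphertext and tag parts are constructed placeholders.
SAMPLE_TOKEN = (
    "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwidHlwIjoiSldUIn0"
    "..N-P-KwibW-8vf0K8qV-L_Q.Y29uc3RydWN0ZWQ.Y29uc3RydWN0ZWQ"
)

if __name__ == "__main__":
    print(describe_token(SAMPLE_TOKEN))
    print(expires_at({"expires_in": 14400}, issued_at=0))
```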

Step 4. Access Our API

To call the ContractorTools API, you must include the Authorization header with the value Bearer {access_token} in each API request. Unauthorized calls will fail and result in a 401 Unauthorized error.

Step 5. Regenerate an Access Token

All things must pass: your access_token expires after a time period set in the expires_in property of the POST /jwt/token response. The time period is set in seconds.

Use the refresh_token that you received in the POST /jwt/token response to generate a new access token.

POST /jwt/token

| Header | Value |
|---|---|
| Authorization | Basic U0IuMjAxNDkxNzI0My43MDk0MzU1MC05OTc0LTQxRTctOEIzOC1DQThDOEMwMjQyNjI6MUM2MDBDQjctNEQyNC00Nzg3LUJCM0UtQUNEMkIyRkJGNzQ1 |
| Content-Type | application/x-www-form-urlencoded |

| Parameter | Parameter type | Value | Note |
|---|---|---|---|
| refresh_token | Body | {refresh_token} | Replace with your refresh_token |
