Authentication

The iAdvize authentication mechanism uses temporary tokens that have a 24-hour lifetime.
You can generate your own tokens with a user email & password.
Please note the following policy on authentication:
  • 10 logins per minute per user
  • 100 logins per minute per IP address

Create an Access Token

You have make a POST call on the following endpoint: https://api.iadvize.com/oauth2/token and send the following parameters:
Parameter
Description
Type
Mandatory
username
User email
String
Yes
password
User password
String
Yes
grant_type
Oauth2 grant type (only password is supported)
String
Yes
Please note that parameters must be sent as application/x-www-form-urlencoded
Examples:
cURL
NodeJS
curl --request POST \
--url https://api.iadvize.com/oauth2/token \
--data "username={EMAIL}&password={PASSWORD}&grant_type=password"
const axios = require('axios');
const querystring = require('querystring');
const authEndpoint = 'https://api.iadvize.com/oauth2/token';
const username = 'YOUR_IADVIZE_USER_EMAIL';
const password = 'YOUR_PASSWORD'
axios
.post(
authEndpoint,
querystring.stringify({
grant_type: 'password',
username,
password
})
)
.then(function (response) {
console.log(response);
});

Response (example):

{
"access_token": "BMU9FSlOV.....UU0UVRPUSJ9.9yZCIsInBl....cm1pc3Npb0.xw3blsLI8gujt....JPX5U8v24o1gUsg",
"expires_in": 86400,
"token_type": "Bearer",
"refresh_token": "none"
}

Authenticate your API calls

To authenticate an API call just pass the access token in an authorization header.
curl --request POST \
--url https://api.iadvize.com/graphql \
--header "Content-Type: application/json" \
--header "Authorization: Bearer {YOUR_ACCESS_TOKEN}" \
--data "YOUR_QUERY"

Check the validity of an access_token

You can verify token validity with the authenticated route below.
curl --request GET \
--url https://api.iadvize.com/_authenticated \
--header "Authorization: Bearer {YOUR_ACCESS_TOKEN}"
If your token is valid, you will receive a response that looks like this:
{
"authenticated": true
}
If your token is expired or invalid, you will receive the following response:
{
"error_description": "access token not valid",
"error": "invalid_token"
}