Authentication

The API uses OAuth 2.0 for authentication and authorization. Clients must obtain an access token to access protected resources. This process follows the OAuth 2.0 standard for token acquisition and usage.

During client registration, each client receives unique credentials — such as a client ID and client secret — which are required to request an access token via the Request Access Token endpoint.

Once obtained, the access token remains valid for 24 hours. Therefore, clients should not request a new token for every API call. Instead, the token should be stored securely in memory and reused until it expires. Before making a request, clients should check the exp (expiration) attribute inside the token to verify its validity. If the token has expired, a new one must be requested.