Authentication API
The Authentication API is used to generate an Access Token, which is required for all API calls that require authentication.
Token Validity and Usage
IMPORTANT:
- The Access Token obtained from this API call remains valid for 25 hours.
- It is recommended to store and reuse the token on the server side for up to 24 hours to minimize authentication requests.
- Avoid generating a new token for each API call or every user visit, as this increases latency.
- While there is no strict limit on authentication requests, fair usage policies apply.
API Endpoint
Method: POST
URL: https://<PA_AUTH_END_POINT>/auth/connect/token
Request Header
| Name | Value | 
|---|---|
| Content-Type | application/x-www-form-urlencoded | 
Request Parameters (Body)
| Parameter | Type | Required | Description | 
|---|---|---|---|
| client_id | string | ✅ | Provided to your company by PA. | 
| client_secret | string | ✅ | Provided to your company by PA. | 
| grant_type | string | ✅ | Must always be client_credentials. | 
Response Payload
```json
{
  "access_token": "xxxxxxxxxxxxxxxxxxxxxx",
  "expires_in": 90000,
  "token_type": "Bearer",
  "scope": "api:recs api:search"
}
```
Response Parameters
| Parameter | Type | Description | 
|---|---|---|
| access_token | string | The token used as a bearer token for authenticating all subsequent API calls. | 
| expires_in | integer | Duration in seconds during which the token remains valid. | 
| token_type | string | Type of token. | 
| grant_type | string | System generated information. | 
Example Usage (JavaScript)
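```javascript
// Run this on the server: client_secret must not be shipped in browser code.
const myHeaders = new Headers();
myHeaders.append("Content-Type", "application/x-www-form-urlencoded");

// Form-encoded body carrying the credentials issued by PA.
const urlencoded = new URLSearchParams();
urlencoded.append("client_id", "YOUR_CLIENT_ID");
urlencoded.append("client_secret", "YOUR_CLIENT_SECRET");
urlencoded.append("grant_type", "client_credentials");

const requestOptions = {
  method: 'POST',
  headers: myHeaders,
  body: urlencoded,
  redirect: 'follow'
};

fetch("https://<PA_AUTH_END_POINT>/auth/connect/token", requestOptions)
  .then(response => {
    // Treat non-2xx responses as failures instead of parsing them as a token.
    if (!response.ok) throw new Error('Token request failed: HTTP ' + response.status);
    return response.json();
  })
  .then(result => {
    // Log only non-secret fields so the bearer token does not end up in logs.
    console.log('token_type:', result.token_type, 'expires_in:', result.expires_in);
    const accessToken = result.access_token; // Use this token in subsequent requests
  })
  .catch(error => console.log('error', error));
```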
Best Practices
- Store and reuse the token on the server side for 24 hours.
- Avoid requesting a new token before every API call, as it increases latency.
- Ensure proper security measures for storing client_id and client_secret.
- Implement error handling for token failures or expiration.
- Be aware of fair usage policies, even though there is no strict limit.
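
The following sketch shows one way to apply the reuse and error-handling recommendations above on the server. It is an added example, not PA's own code; `createTokenProvider`, `fetchFn`, `now`, `invalidate` and the 60-second safety margin are assumptions made for illustration.

```javascript
// Added example: in-memory, server-side cache for the client_credentials token.
const TOKEN_URL = "https://<PA_AUTH_END_POINT>/auth/connect/token";
const REUSE_MS = 24 * 60 * 60 * 1000; // reuse window recommended on this page
const MARGIN_MS = 60 * 1000;          // assumed safety margin before real expiry

function createTokenProvider({ clientId, clientSecret, fetchFn = fetch, now = Date.now }) {
  let cached = null;   // { token, reuseUntil }
  let inFlight = null; // shared promise while a token request is pending

  async function requestToken() {
    const startedAt = now();
    const res = await fetchFn(TOKEN_URL, {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: new URLSearchParams({
        client_id: clientId,
        client_secret: clientSecret,
        grant_type: "client_credentials",
      }),
      redirect: "error", // a followed 307/308 would re-send the secret elsewhere
    });
    if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
    const data = await res.json();
    if (typeof data.access_token !== "string" || !(data.expires_in > 0)) {
      throw new Error("token response lacks access_token or expires_in");
    }
    // Reuse for at most 24 hours, and never past the server-stated lifetime.
    const reuseMs = Math.min(REUSE_MS, Math.max(0, data.expires_in * 1000 - MARGIN_MS));
    cached = { token: data.access_token, reuseUntil: startedAt + reuseMs };
    return cached.token;
  }

  async function getToken() {
    if (cached && now() < cached.reuseUntil) return cached.token;
    // Concurrent callers share one request instead of each authenticating.
    if (!inFlight) inFlight = requestToken().finally(() => { inFlight = null; });
    return inFlight;
  }

  // Call when an API request is rejected with 401 so the next call re-authenticates.
  function invalidate() { cached = null; }

  return { getToken, invalidate };
}
```

Load `clientId` and `clientSecret` from a secret store or environment variables rather than source code, and keep the provider in a server process only.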