Authentication API

The Authentication API is used to generate an Access Token, which is required for all API calls that require authentication.

Token Validity and Usage

IMPORTANT:
  • The Access Token obtained from this API call remains valid for 25 hours.
  • It is recommended to store and reuse the token on the server side for up to 24 hours to minimize authentication requests.
  • Avoid generating a new token for each API call or every user visit, as this increases latency.
  • While there is no strict limit on authentication requests, fair usage policies apply.

API Endpoint

Method: POST

URL: https://<PA_AUTH_END_POINT>/auth/connect/token

Request Header

| Name | Value |
|---|---|
| Content-Type | application/x-www-form-urlencoded |

Request Parameters (Body)

| Parameter | Type | Required | Description |
|---|---|---|---|
| client_id | string | | Provided to your company by PA. |
| client_secret | string | | Provided to your company by PA. |
| grant_type | string | | Must always be client_credentials. |

Response Payload

{
  "access_token": "xxxxxxxxxxxxxxxxxxxxxx",
  "expires_in": 90000,
  "token_type": "Bearer",
  "scope": "api:recs api:search"
}

Response Parameters

| Parameter | Type | Description |
|---|---|---|
| access_token | string | The token used as a bearer token for authenticating all subsequent API calls. |
| expires_in | integer | Duration in seconds during which the token remains valid. |
| token_type | string | Type of token. |
| grant_type | string | System generated information. |

Example Usage (JavaScript)

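// Run this on the server: client_secret must never be shipped to a browser.
var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/x-www-form-urlencoded");

// Form-encoded body carrying the client credentials
var urlencoded = new URLSearchParams();
urlencoded.append("client_id", "YOUR_CLIENT_ID");
urlencoded.append("client_secret", "YOUR_CLIENT_SECRET");
urlencoded.append("grant_type", "client_credentials");

var requestOptions = {
  method: 'POST',
  headers: myHeaders,
  body: urlencoded,
  redirect: 'follow'
};

fetch("https://<PA_AUTH_END_POINT>/auth/connect/token", requestOptions)
  .then(response => {
    // Surface HTTP errors instead of parsing an error body as a token
    if (!response.ok) throw new Error('Token request failed: HTTP ' + response.status);
    return response.json();
  })
  .then(result => {
    const accessToken = result.access_token; // Use this token in subsequent requests
    // Log only non-sensitive fields, never the token itself
    console.log('Token received, expires in', result.expires_in, 'seconds');
  })
  .catch(error => console.error('error', error));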

Best Practices

  • Store and reuse the token on the server side for 24 hours.
  • Avoid requesting a new token before every API call, as it increases latency.
  • Ensure proper security measures for storing client_id and client_secret.
  • Implement error handling for token failures or expiration.
  • Be aware of fair usage policies, even though there is no strict limit.
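
The token-reuse and error-handling advice above, sketched as a server-side cache. This is an added example, not code from PA: `createTokenCache`, `reuseWindowMs`, the option names and the one-hour safety margin are assumptions, and it expects Node 18+ for the global `fetch`.

```javascript
// Added example, not the vendor's code. Assumes Node 18+ (global fetch).
// createTokenCache, reuseWindowMs and the option names are hypothetical.
const TOKEN_URL = "https://<PA_AUTH_END_POINT>/auth/connect/token"; // placeholder from the page
const REUSE_CAP_S = 24 * 60 * 60; // page: reuse for up to 24 hours
const SAFETY_MARGIN_S = 60 * 60; // assumed margin: stop reusing 1 hour before expiry

// Milliseconds a token may be reused, given expires_in (seconds) from the response.
function reuseWindowMs(expiresIn) {
  const seconds = Math.min(REUSE_CAP_S, expiresIn - SAFETY_MARGIN_S);
  return Math.max(0, seconds) * 1000;
}

function createTokenCache({ clientId, clientSecret, fetchFn = fetch, now = Date.now }) {
  let cached = null; // { token, reuseUntil }
  let inFlight = null; // shared promise: concurrent callers trigger one request

  async function requestToken() {
    const res = await fetchFn(TOKEN_URL, {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: new URLSearchParams({
        client_id: clientId,
        client_secret: clientSecret,
        grant_type: "client_credentials",
      }),
    });
    // Report the status only; never log the request body or the token.
    if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
    const json = await res.json();
    if (typeof json.access_token !== "string" || !Number.isFinite(json.expires_in)) {
      throw new Error("token response missing access_token or expires_in");
    }
    cached = { token: json.access_token, reuseUntil: now() + reuseWindowMs(json.expires_in) };
    return cached.token;
  }

  return {
    async getToken() {
      if (cached && now() < cached.reuseUntil) return cached.token;
      inFlight ??= requestToken().finally(() => { inFlight = null; });
      return inFlight;
    },
    // Call when an API rejects the token so the next getToken() fetches a new one.
    invalidate() { cached = null; },
  };
}
```

Create one cache per process and pass `clientId` and `clientSecret` from the server's secret store or environment rather than from source code.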