Skip to main content


The Authentication API call generates the Access Token, a prerequisite for all API calls requiring authentication.

The Access Token obtained from the Auth API call remains valid for 25 hours. It's advisable to store and reuse the token on the server side for 24 hours across all API calls, regenerating a new Access Token every day.

Creating an Access Token before each API call or per-user visit can increase latency. Although there's no strict limit for Auth calls, we enforce fair usage policies.

  • Method: POST

  • URL: https://<PA_AUTH_END_POINT>/auth/connect/token

  • Headers:

    • Content-Type: application/x-www-form-urlencoded
  • Body Parameters:

    • client_id [REQUIRED]: Provided to your company, by PA.

    • client_secret [REQUIRED]: Provided to your company, by PA.

    • grant_type [REQUIRED]: Should always be client_credentials.

  • Returned Payload:

    "access_token": "xxxxxxxxxxxxxxxxxxxxxx",
    "expires_in": 90000,
    "token_type": "Bearer",
    "scope": "api:recs api:search"
    • access_token: The token used as a bearer token for authenticating all subsequent API calls.

    • expires_in: Duration in seconds during which the token remains valid.

    • token_type: Type of token.

    • scope: System generated information.

Heres an example code snippet using JavaScript’s Fetch API:

var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/x-www-form-urlencoded");

var urlencoded = new URLSearchParams();
urlencoded.append("client_id", "YOUR_CLIENT_ID");
urlencoded.append("client_secret", "YOUR_CLIENT_SECRET");
urlencoded.append("grant_type", "client_credentials");

var requestOptions = {
method: 'POST',
headers: myHeaders,
body: urlencoded,

fetch("https://<PA_AUTH_END_POINT>/auth/connect/token", requestOptions)
.then(response => response.json())
.then(result=> {
const accessToken= result.access_token; // Use this token in subsequent requests
.catch(error => console.log('error', error));


This document provides information on the Authentication API call, Access Token validity, and usage guidelines.

  • The Access Token remains valid for 25 hours and should be stored and reused on the server side.

  • Creating an Access Token before each API call can increase latency.

  • Fair usage policies are enforced for Auth calls with no strict limit specified.

  • The method for the API call is POST, and the URL is https://<PA_AUTH_END_POINT>/auth/connect/token.

  • Body parameters include client_id, client_secret, and grant_type as client_credentials.