Guides

Authentication

Suggest Edits

Step 1 - Find Your API Key and Secret

Your key and secret can be found by logging in to Swoogo and navigating to My Profile > API Credentials.

Step 2 - Encode Consumer Key and Secret

The steps to encode your consumer key and secret into a set of credentials to obtain a bearer token are:

  1. URL encode the consumer key and the consumer secret according to RFC 1738.
  2. Concatenate the encoded consumer key, a colon character :, and the encoded consumer secret into a single string.
  3. Base64 encode the string from the previous step.

Example

  • Key

    xvz1evFS4wEEPTGEFPHBog

  • Secret

    L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg

  • Concatenated

    xvz1evFS4wEEPTGEFPHBog:L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg

  • Base64 Encoded

    eHZ6MWV2RlM0d0VFUFRHRUZQSEJvZzpMOHFxOVBaeVJnNmllS0dFS2hab2xHQzB2SldMdzhpRUo4OERSZHlPZw==

Step 3 - Obtain a Bearer Token

The value calculated in step two must be exchanged for a bearer token by issuing a request to POST /api/v1/oauth2/token

  • The request must be an HTTP POST request.
  • Include an Authorization header with the value of your base64 encoded token (from step 2).
  • Include a Content-Type header with the value of application/x-www-form-urlencoded;charset=UTF-8.
  • The body of the request must be grant_type=client_credentials.

Example Request:

POST /api/v1/oauth2/token
Host: api.swoogo.com
Authorization: Basic YOUR_BASE_64_ENCODED_TOKEN
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

grant_type=client_credentials

Step 4: Authenticate API Requests with the Bearer Token

The bearer token may be used to issue requests to Swoogo API endpoints. To use the bearer token, construct a normal HTTPS request and include an Authorization header with the value of your bearer token from step 3.

Example Request:

GET /api/v1/events
Host: api.swoogo.com
Authorization: Bearer YOUR_BEARER_TOKEN

Note Bearer tokens expire every 30 minutes—do not rely on them remaining the same. The token API call will return a field called expires_at, which is a UTC timestamp letting you know when the current token will expire.

Updated about 2 months ago

What’s Next