Skip to main content

Authentication

The SSN API uses OAuth2 client credentials.

Each client receives a separate client_id and client_secret for each environment. Use the token endpoint to request a bearer token, then pass that token on API requests.

POST /api/v1/oauth/token
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET

Tokens expire after one hour. Request a new token when the current one expires.

Site asset assignment is part of the Site Visits resource. Clients need site-visits:write to send siteAssetIds and site-visits:read to read returned siteVisitAssets; there are no separate site asset scopes.