Authentication
All API4Business APIs use OAuth2 Client Credentials authentication.
How it works
- You send your
client_idandclient_secretto the token endpoint - You receive an
access_token - You include the token in the
Authorizationheader of every API request
Token endpoint
POST https://api.api4business.com/oauth/v1/tokenRequest
| Parameter | Type | Required | Description |
|---|---|---|---|
| grant_type | string | Yes | Must be client_credentials |
| client_id | string | Yes | Your OAuth2 client ID |
| client_secret | string | Yes | Your OAuth2 client secret |
Response
json
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6...",
"token_type": "Bearer",
"expires_in": 3600
}Using the token
Include the access token in the Authorization header:
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6...Token expiry
Access tokens expire. Check the expires_in field and refresh before expiry. Implement token caching in your application to avoid unnecessary token requests.
Getting credentials
Sign up at developers.api4business.com to get your client credentials.
Sandbox vs production
You will receive separate credentials for sandbox and production environments. See Environments for details.
What's next
- Environments — Sandbox vs production URLs
- Rate Limits — Throttling policy and retry logic