Authentication

Authentication for the v2 endpoints is currently managed through OAuth2.

In order to establish an initial API connection for a User/Business Account into the REDEX API, you will first need the following information provided directly to you.

Clients

A client is application to access a user’s business account data, can perform on resources on behalf of the user. The client needs to be authorized to use REDEX API. Authorized client must have a pair of credentials (Client ID and Secret).

Grants

Grants dictate the order of operations for a client to obtain an access token. These unique orderings are called flows.

API Key Grant

This grant type requires a special key created and owned by the business account’s user, used by the Client app to interact with REDEX authorization server, which issues an access token to the client.

 

 

Refresh Token Grant

This grant type requires a refresh token created and owned by the business account’s user, used by the Client app to interact with REDEX authorization server, which creates new access token to the client.

Refresh token is returned along with access token when calling API get access token using grant api_key

 

Token lifetime

Access Token:

3600 seconds (1 hour)

Refresh Token:

2592000 seconds (30 days or 720 hours)