Authentication
The Worklayer API uses an OAuth client credentials flow to authenticate requests. API client keys are currently provisioned on demand for your workspace. You can request API keys for your workspace by contacting our customer success team.
Your API client is associated with a machine-type member in your workspace, and permissions can be granted to that member to allow or restrict specific flows.
Be sure to keep your API keys secure and not share them in publicly accessible areas such as GitHub, client-side code, and so forth.
Authentication with the API is performed via requesting a token with your client and passing that token via an Authorization
header as a Bearer
token in the request.
All API requests must be made over HTTPS. Calls made over plain HTTP might fail. Likewise, API requests without authentication will also fail.
Retrieving a token
Request Parameters
Your client id.
Your client secret.
The audience of the token. Only https://api.worklayer.com/public/
is supported.
Only client_credentials
is supported.
Sample Request
Copied1curl -X POST "https://taxfyle.auth0.com/oauth/token" \2 -H 'content-type: application/json' \3 -d '{"client_id":"{your_client_id}","client_secret":"{your_client_secret}","audience":"https://api.worklayer.com/public/","grant_type":"client_credentials"}'
Response
The access token.
The scope of the token. Usually, api:access
.
The number of seconds until the token expires.
The type of token. Always Bearer
.
Copied1{2 "access_token": "eyJhbGciOiJSUzI1NiIsIn...",3 "scope": "api:access",4 "expires_in": 3600,5 "token_type": "Bearer"6}
Authenticating a request
Here we show calling the member list endpoint with a token.
Copied1curl -X GET 'https://api.worklayer.com/v1.0/members' \2-H 'Authorization: Bearer {access_token}'