Appearance
Authentication
All API requests require a valid Bearer Token. Tokens are obtained by exchanging your Client ID and Client Secret.
Generate a Token
http
POST https://api.spayon.io/api/tokens
Content-Type: application/jsonhttp
POST http://staging-spayon-api.eu-north-1.elasticbeanstalk.com/api/tokens
Content-Type: application/jsonRequest Body
json
{
"client_id": "YOUR_CLIENT_ID",
"client_secret": "YOUR_CLIENT_SECRET"
}Response
json
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "Bearer",
"expires_in": 3600
}Response Codes
| Status Code | Description |
|---|---|
200 OK | Token generated successfully |
401 Unauthorized | Invalid Client ID or Client Secret |
Token Management
| Property | Value |
|---|---|
| Expiration | 3600 seconds (1 hour) |
| Refresh tokens | Not available — generate a new token before expiry |
TIP
Cache the token server-side and regenerate it proactively before it expires. Do not generate a new token for every API call.
Using the Token
Include the token in the Authorization header for all subsequent requests:
http
Authorization: Bearer YOUR_ACCESS_TOKEN