How to authenticate using client secrets.
Follow these instructions to enable the API for your organisation.
In the Method Grid app:
- Click on your profile image bottom left
- Select 'My settings'
- Select the 'Security' tab
- Scroll to the 'API Client Secrets' section (if you don't see this section, you may need to enable the API for your organisation)
- Note your client-id; this is the client-id you will use to authenticate with the API
- Click 'Create new client secret'
- Copy the generated client secret and store it securely
Make a POST request to https://api.methodgrid.com/v1/authenticate with parameters client_id and client_secret in the request body. This can be x-www-form-urlencoded or JSON.
Example JSON request body:
{
"client_id": "12345",
"client_secret": "abcdefghijklmnopqrstuvwxyz"
}
The credentials will be verified and if valid, a response with status 200 OK containing an access token will be returned. This access token will have an expiry time of 1 hour.
Example JSON response body:
{
"accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9eyJpYXQiOjE1ODY1OTQ1MTgsImlzcyI6IiIsImp0aSI6ImFiY2RlIiwidXNlciI6IjEyMzQ1Iiwib3JnYW5pc2F0aW9uIjoiNjc4OTAiLCJzY29wZSI6Im9yZ2FuaXNhdGlvbiIsInNlY3JldFR5cGUiOiJkeW5hbWljIn0=",
"refreshToken": "qmhxi4i3lv1fy6c840759junkpt2sdga"
}
Include the access token in the Authorization header of your requests.
For example, make a request to http://api.development.methodgrid.com/v1/dashboards/grids with the following header:
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9eyJpYXQiOjE1ODY1OTQ1MTgsImlzcyI6IiIsImp0aSI6ImFiY2RlIiwidXNlciI6IjEyMzQ1Iiwib3JnYW5pc2F0aW9uIjoiNjc4OTAiLCJzY29wZSI6Im9yZ2FuaXNhdGlvbiIsInNlY3JldFR5cGUiOiJkeW5hbWljIn0=
If the access token expires, you can make a POST request to https://api.methodgrid.com/v1/authenticate with parameter refresh_token in the request body to obtain a new access token.
Example JSON request body:
{
"refresh_token": "qmhxi4i3lv1fy6c840759junkpt2sdga"
}