Learn how to authenticate your API requests to the SFS API platform.
Secure Data Transmission:
All API requests to the SFS API platform must be made via HTTPS. Attempts to make
calls over plain HTTP will be unsuccessful.Bearer Token Authentication:
Each API request must authenticate using a Bearer token. This token is generated by
SFS using the provided API Key and Secret. This authentication method aligns with OAuth 2.0 standards,
the recognized protocol for API authorization. When an API request is received,
SFS checks whether the bearer of the token is valid and has not expired.POST /api/token
with the request body
containing the apiKey
and Secret
values you obtained in the previous step.
The /api/token
endpoint does not require any authentication headers, which is in line with the OAuth 2.0 standard.
201 Created
response contains the access_token
and its validity time (in seconds):
expires_in
value
(in seconds). Nevertheless, in certain cases you may want to explicitly revoke an active token, such as when
a client logs out from your application.
To revoke a token, call POST /api/token
with a request body containing the revoke
action, and specify the
platform Bearer token
in the header:
201 OK
response indicates that the specified token has been revoked successfully.
POST /api/token
, and specify the Key of this client in clientKey
request field,
and specify the platform Bearer token
in the header:
201 Created
response contains the access_token
and its validity time (in seconds):
expires_in
value
(in seconds). Nevertheless, in certain cases you may want to explicitly revoke an active token, such as when
a client logs out from your application.
To revoke a token, call POST /api/token
with a request body containing the revoke
action and the client access token
,
and specify the platform Bearer token
in the header:
201 OK
response indicates that the specified token has been revoked successfully.
X-Sendforsign-Key
API key in the header and your Client Key in the request body.