Authentication

authentication all requests require a short lived access token to access resources the time validity for the long and short token is customisable as per customer needs and security requirements the updates api uses a two step authentication approach a integration consumer is created in the jomablue portal and generate a long lived token you exchange that token for a short lived access token used on requests multiple consumers with limited scope can be created as well as multiple access tokens per consumer, so a consumer could be a customers crm or marketing system, while still granting a different set of permissions to another consumer / onsite activation or third party with a more limited scope of data acess token rotation is supported endpoint post https //{{instance}} jomablue com/integration/api/auth headers include these headers on all updates api requests authorization bearer \<token> accept application/json when sending json bodies (auth), also include content type application/json it's also good idea to send a appropriate user agent to help jomablue identify requests originating from your systems examples example request curl request post \\ \ url https //{{instance}} jomablue com/integration/api/auth \\ \ header 'authorization bearer eyp0ex 8bbs' \\ \ header 'user agent customer system name' \ header 'accept application/json' \ header 'content type application/json' example response { &#x9;"success" true, &#x9;"data" "eyp0ex 8bbs", &#x9;"included" \[] }