iKentoo API documentation

API authentication

Authentication

Authentication to the iKentoo REST APIs is done through an OAuth2 flow using the Authorization Code grant type.

Test environment endpoints:

  • Auth URL : https://nightswatch-trial.ikentoo.com/oauth/authorize
  • Access Token URL : https://nightswatch-trial.ikentoo.com/oauth/token

Production environment endpoints:

  • Auth URL : https://nightswatch.ikentoo.com/oauth/authorize
  • Access Token URL : https://nightswatch.ikentoo.com/oauth/token

The token you receive does not expire, so you do not need to deal with a refresh token.

Tips

Here are a few tips for using OAuth2. To fully understand this standard authorization framework, you should have a look at this guide, and more specifically at its authorization code flow part.

To get the end user's access token, you first need to get an authorization code from the server by passing a redirection URL as a parameter of the authorization server URL. Example of a URL to provide to the end user in our trial environment:

https://nightswatch-trial.ikentoo.com/oauth/authorize?client_id=Your-trial-client-id&response_type=code&redirect_uri=https://mycompany.com/redirection/ikentoo 

Replace parts of this URL:

  • the authorization server URL with https://nightswatch.ikentoo.com/oauth/authorize in the production environment
  • client_id with your client ID (you should have one client ID per environment)
  • redirect_uri with a URI you are listening on

The end user logs in and accepts the requested scope, then your URI is called with the authorization code as a parameter, like this:

https://mycompany.com/redirection/ikentoo?code=VlWFo0

To get the bearer token, call /token (POST method) with the previous code, using basic authentication (clientId and clientSecret, i.e. "Basic " + {clientId:clientSecret encoded in Base64} as the Authorization HTTP header value), and the same redirect URI. Example with curl:

curl -X POST -d "code=VlWFo0&grant_type=authorization_code&client_id=Your-trial-client-id&redirect_uri=https://mycompany.com/redirection/ikentoo" -H 'authorization: Basic WW91ci10cmlhbC1jbGllbnQtaWQ6WW91ci1jbGllbnQtc2VjcmV0' https://nightswatch-trial.ikentoo.com/oauth/token

The response is formatted as JSON:

{"access_token":"31b4cd66-9941-456a-a483-84ffef0942e6","token_type":"bearer","scope":"financial-api"} 

The access token is then used to call API endpoints, sent in the header Authorization: Bearer 31b4cd66-9941-456a-a483-84ffef0942e6
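
The flow above as an added Python example (not iKentoo's own code; function names are hypothetical): it builds the authorization URL with a percent-encoded redirect_uri, checks the callback, and prepares the /token request. The state parameter does not appear on this page; it is the standard OAuth2 anti-CSRF parameter from RFC 6749, and the example assumes the server echoes it back on the redirect.

```python
import base64, hmac, secrets
from urllib.parse import urlencode, urlsplit, parse_qs

BASE = "https://nightswatch-trial.ikentoo.com/oauth"  # trial endpoints from this page

def build_authorize_url(client_id, redirect_uri, state):
    """URL to send the end user to; urlencode() percent-encodes redirect_uri."""
    query = urlencode({"client_id": client_id, "response_type": "code",
                       "redirect_uri": redirect_uri, "state": state})
    return f"{BASE}/authorize?{query}"

def code_from_callback(callback_url, expected_state):
    """Return the authorization code; reject errors and a missing or wrong state."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    # state is an assumption (RFC 6749); compare in constant time as bytes
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback not tied to this session")
    if len(params.get("code", [])) != 1:
        raise ValueError("expected exactly one code parameter")
    return params["code"][0]

def build_token_request(code, client_id, client_secret, redirect_uri):
    """Return (url, headers, body) for the POST to /token with Basic auth."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": "Basic " + creds,
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"code": code, "grant_type": "authorization_code",
                      "client_id": client_id, "redirect_uri": redirect_uri})
    return f"{BASE}/token", headers, body

if __name__ == "__main__":
    redirect = "https://mycompany.com/redirection/ikentoo"
    state = secrets.token_urlsafe(16)  # keep this in the user's session
    print(build_authorize_url("Your-trial-client-id", redirect, state))
    # Constructed callback: the page's example code plus the echoed state
    code = code_from_callback(f"{redirect}?code=VlWFo0&state={state}", state)
    url, headers, body = build_token_request(
        code, "Your-trial-client-id", "Your-client-secret", redirect)
    print(url, headers["Authorization"], body, sep="\n")
```

Because the returned token does not expire, treat it as a long-lived secret: keep it and the client secret out of logs, URLs and source control.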