OAuth v2.0
RecVue APIs are authenticated via OAuth v2.0. RecVue recommends that you create a dedicated API user with API write access on a tenant when authenticating via OAuth. With a dedicated API user, you can control that user’s permissions without affecting other non-API users.
Understanding the Username-Password OAuth Authentication Flow
Use the username-password authentication flow to authenticate when the consumer already has the user’s credentials. In this flow, the user’s credentials are used by the application to request an access token as shown in the following steps.
- The application uses the user’s username and password to request an access token. This is done via an out-of-band GET request to the appropriate RecVue token request endpoint, such as https://{company short name}.recvue.com/api/v2.0/token.
- RecVue verifies the user credentials, and if successful, sends a response to the application with the access token. This response contains the access token and expiration date.
- The application uses the provided access token to access protected user data via REST APIs.
Keep the following considerations in mind when using the username-password OAuth flow:
Since the user is never redirected to log in at RecVue in this flow, the user can’t directly authorize the application, so no refresh tokens can be used.
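The three steps above, together with the no-refresh-token consideration, as an added example (not RecVue's own code): the client caches the token and re-authenticates with the stored credentials shortly before expiry. The page does not specify the wire format, so the Basic `Authorization` header, the JSON field names `access_token` and `expires_at` (epoch seconds), and the `Bearer` scheme are assumptions to check against the RecVue API reference.

```python
import base64
import json
import time
import urllib.request


def request_token(company, username, password, opener=urllib.request.urlopen):
    """Steps 1-2: GET the token endpoint, return (token, expiry_epoch).

    ASSUMPTIONS (not stated on the page): credentials travel in an HTTP Basic
    Authorization header rather than the URL, and the JSON body uses the
    hypothetical field names "access_token" and "expires_at" (epoch seconds).
    """
    url = f"https://{company}.recvue.com/api/v2.0/token"  # pattern from the page
    basic = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {basic}"})
    with opener(req, timeout=10) as resp:
        body = json.load(resp)
    return body["access_token"], float(body["expires_at"])


class TokenSession:
    """Caches the access token and requests a new one with the credentials
    when it nears expiry, because this flow issues no refresh token."""

    def __init__(self, fetch, skew=60.0, clock=time.time):
        self._fetch = fetch      # callable returning (token, expiry_epoch)
        self._skew = skew        # renew this many seconds before expiry
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def token(self):
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            self._token, self._expires_at = self._fetch()
        return self._token

    def auth_header(self):
        """Step 3: header for protected REST calls (Bearer scheme assumed)."""
        return {"Authorization": f"Bearer {self.token()}"}
```

Wire the two together with `TokenSession(lambda: request_token(company, user, password))`, loading the dedicated API user's password from a secret store rather than source code.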