Skip to main content

Calling an API

All Prisjakt APIs use the OAuth 2.0 Client Credentials Grant Flow for authentication. This industry-standard protocol ensures secure, authorized access to our platform.

Authentication Process

To successfully call our APIs, follow these steps:

  1. Request an Access Token Obtain a token from the authentication endpoint using your client credentials

  2. Make API Calls Include the access token in the Authorization header as a Bearer token

  3. Token Management Reuse the same token for multiple requests until it expires (typically 24 hours)

API Request Example

Step 1: Obtain an Access Token

Before making API requests, you must obtain an access token using your client credentials. If you haven't received credentials yet, refer to the Credentials guide.

Token Reuse Required

Do not request a new token for each API call. Store and reuse the same token until it expires. Implement token refresh logic only when the token is about to expire or when you receive a 401 Unauthorized response.

Token Request:

curl -X POST 'https://auth.pj.nu/oauth2/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --header 'Accept: application/json' \
  --data 'grant_type=client_credentials' \
  --data 'client_id=YOUR_CLIENT_ID' \
  --data 'client_secret=YOUR_CLIENT_SECRET'

Token Response:

The authentication endpoint returns a JSON Web Token (JWT) with the following structure:

{
  "access_token": "eyJhbGciOi.....",
  "expires_in": 86399,
  "scope": "",
  "token_type": "bearer"
}

Token Properties:

  • access_token: The JWT token used for authentication
  • expires_in: Token lifetime in seconds (typically 86,399 seconds / ~24 hours)
  • token_type: Always "bearer" for our APIs

Best Practices:

  • Cache the access token and its expiration time
  • Implement automatic token renewal when nearing expiration
  • Handle 401 responses by requesting a new token and retrying the request
  • Store tokens securely (never log or expose them in client-side code)

Step 2: Call the API

Once you have an access token, include it in the Authorization header of your API requests as a Bearer token.

Interactive Tools

Visit our API Specifications page to test authentication via the browser UI or generate implementation code in your preferred programming language.

curl -X GET 'https://api.pj.nu/echo' \
  --header 'Accept: */*' \
  --header 'Authorization: Bearer ACCESS_TOKEN'