All API requests must be sent over HTTPS.

Authentication is provided to API implementors via the NowForce Authentication Service. This service follows the Oauth2 specification and provides services for both web server based applications and browser based applications. 

Implementors will be assigned a orgid, username, password, client_id and client_secret value to associate with the implemented application. Authentication methods will utilize these in conjunction with user credentials to make requests for data.

A two step process allows an application to pass the user to the NowForce server for collection of user specific credentials. An authorization code is then issued which the application then exchanges for an access token. The access token is then passed as a parameter in further API data requests.

Retrieve Authorization Code

  1. URI:

  2. Body: grant_type=client_credentials&client_id={client_id}&client_secret={client_secret}

  3. Authorization: aBase64EncodeFunction({userName};{password})
    You can use to encode - make sure to put a semicolumn ; between the username and password 

  4. Response items: access_token

Example Request:

Body: grant_type=client_credentials&client_id=2F199911-58E2-455F-A474-7BBB74850AF7&client_secret=D728D73C-3AD6-4AF0-A63B-4D0A1037AA29

: application/x-www-form-urlencoded

Example Screenshots

Example Response:
  "access_token": "79bdabae-bab8-481d-b5e7-699f262725f3",
  "token_type": null,
  "Expires_in": 31536000,
  "IsLoggedin": false,
  "Error": null,
  "PasswordExpirationDays": 99999999,
  "LoginUrl": "",
  "ServerName": "LB",
  "DeviceId": null,
  "LdLoginId": null

You can now use the access_token with all API requests, see Methods and Playground

Did this answer your question?