Skip to main content
POST
https://api.pretectum.io
/
oauth2
/
token
Get Access Token
curl --request POST \
  --url https://api.pretectum.io/oauth2/token \
  --header 'Content-Type: application/json' \
  --data '
{
  "client_id": "<string>",
  "client_secret": "<string>"
}
'
{
  "access_token": "<string>",
  "expires_in": 123,
  "token_type": "<string>",
  "message": "<string>"
}
The Token endpoint allows you to obtain an access token by providing your client credentials. This token is required to authenticate all subsequent API requests.

Prerequisites

Before you can request an access token, you need:
  • Client ID: A unique identifier for your application
  • Client Secret: A secret key paired with your Client ID
To obtain your client credentials, contact the administrator of your Pretectum tenant. They will create an application client for you and provide the credentials.

Request

Send a POST request with your credentials in the request body.

Request Body

client_id
string
required
Your unique application client identifier. This is provided by your Pretectum tenant administrator.
client_secret
string
required
Your application client secret key. This is an encrypted value provided by your tenant administrator. Keep this value secure and never expose it in client-side code.

Example Request

curl -X POST https://api.pretectum.io/oauth2/token \
  -H "Content-Type: application/json" \
  -d '{
    "client_id": "your_client_id",
    "client_secret": "your_encrypted_client_secret"
  }'

Response

A successful request returns an access token that you can use to authenticate API requests.
access_token
string
required
The access token to use for authenticating API requests. Include this in the Authorization header of your requests.
expires_in
number
required
The number of seconds until the token expires. Request a new token before this time elapses.
token_type
string
required
The type of token issued. This will typically be “Bearer”, but note that when using this token with Pretectum APIs, you should not include the “Bearer” prefix.

Example Response

{
  "access_token": "eyJraWQiOiJ...",
  "expires_in": 3600,
  "token_type": "Bearer"
}

Using the Access Token

Once you have obtained an access token, include it in the Authorization header of your API requests.
Important: Unlike standard Bearer token authentication, you should pass the token directly in the Authorization header without the “Bearer” prefix.
# Correct usage (without Bearer prefix)
curl -X GET https://api.pretectum.io/dataobjects/search?query=John \
  -H "Authorization: eyJraWQiOiJ..."

# Incorrect usage (do not use Bearer prefix)
curl -X GET https://api.pretectum.io/dataobjects/search?query=John \
  -H "Authorization: Bearer eyJraWQiOiJ..."

Error Responses

message
string
A description of the error that occurred.

Common Errors

Status CodeDescription
401 UnauthorizedInvalid client credentials. Verify your client_id and client_secret are correct.
400 Bad RequestMissing required fields. Ensure both client_id and client_secret are provided.

Example Error Response

{
  "message": "Invalid client credentials"
}

Token Expiration

Access tokens have a limited lifespan (indicated by expires_in). When your token expires:
  1. Your API requests will return a 401 Unauthorized response
  2. Request a new token using the Token endpoint
  3. Update your Authorization header with the new token
Implement token refresh logic in your application to automatically request a new token before the current one expires.