πŸ” Authentication

To access the Questback Public API, you must authenticate using a Bearer token. This token acts as a secure credential and must be included in the Authorization header of every request. Bearer tokens are commonly used in OAuth 2.0 and provide a safe, token-based mechanism to prove your identity without repeatedly sending credentials.

⚠️ Bearer tokens grant access to protected resources. Handle them with care.


Keep Your Token Safe

  • Never expose your token in:
    • Public code repositories (e.g., GitHub)
    • Client-side JavaScript or browser storage
    • Unsecured environments or logs

Store tokens securely and make them accessible only to trusted backend services.


Example Request Using a Bearer Token

Include the Bearer token in the Authorization header of your request:

GET https://api.questback.com/v1/<RESOURCE>
Authorization: Bearer <YOUR_SECRET_TOKEN>

The API uses this header to authenticate the request and to decide whether it is authorized.


πŸ› οΈ Obtaining a Bearer TokenCopied!

To authenticate with the Questback Public API, first obtain a Bearer token by sending a POST request to the token endpoint using the Client Credentials Grant.

To receive your client_id and client_secret, please contact our support team.

πŸ” Token RequestCopied!

POST https://auth.questback.com/oauth/v2/token
Content-Type: application/x-www-form-urlencoded

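Request body (parameters listed as key/value pairs; send them form-encoded, as the Content-Type header specifies):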

{
  "grant_type": "client_credentials",
  "client_id": "CLIENT_ID",
  "client_secret": "CLIENT_SECRET",
  "scope": "urn:zitadel:iam:org:project:id:314876184947078893:aud"
}

Successful Response

If the request is valid, the response will include an access_token:

{
  "access_token": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600
}

Use the access_token value in the Authorization header for all subsequent requests.
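
The token flow above as an added Python example (not Questback's own code): it form-encodes the Client Credentials request, keeps the token in memory only, renews it shortly before `expires_in` runs out, and keeps the secret out of `repr()` output. The names `TokenCache`, `build_token_request`, `http_send`, the `QB_CLIENT_ID` / `QB_CLIENT_SECRET` environment variables and the 60-second renewal margin are assumptions.

```python
import json, os, time
import urllib.parse, urllib.request

TOKEN_URL = "https://auth.questback.com/oauth/v2/token"
SCOPE = "urn:zitadel:iam:org:project:id:314876184947078893:aud"

def build_token_request(client_id, client_secret):
    """Form-encode the Client Credentials parameters to match the Content-Type."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret, "scope": SCOPE}).encode("ascii")
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def http_send(request):
    """Default transport: one HTTPS POST, JSON response parsed into a dict."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Holds the access token in memory and renews it shortly before expiry."""
    def __init__(self, client_id, client_secret, send=http_send,
                 clock=time.monotonic, skew=60):
        self._creds = (client_id, client_secret)
        self._send, self._clock, self._skew = send, clock, skew
        self._token, self._expires_at = None, 0.0

    def auth_header(self):
        if self._token is None or self._clock() >= self._expires_at:
            reply = self._send(build_token_request(*self._creds))
            if reply.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type in token response")
            self._token = reply["access_token"]
            self._expires_at = self._clock() + int(reply["expires_in"]) - self._skew
        return {"Authorization": "Bearer " + self._token}

    def __repr__(self):  # keep the secret and token out of logs and tracebacks
        return "TokenCache(<redacted>)"

if __name__ == "__main__":
    # Constructed stand-in for the token endpoint so this demo runs offline.
    calls = []
    def fake_send(request):
        calls.append(request.data)
        return {"access_token": "constructed-token", "token_type": "Bearer", "expires_in": 3600}
    # Assumed variable names: credentials come from the environment, not source code.
    cache = TokenCache(os.environ.get("QB_CLIENT_ID", "CLIENT_ID"),
                       os.environ.get("QB_CLIENT_SECRET", "CLIENT_SECRET"), send=fake_send)
    cache.auth_header()
    cache.auth_header()
    print("token requests sent:", len(calls))
```

Pass the returned dictionary as the headers of each API call; leaving `send` at its default performs the real POST to the token endpoint.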


More Information

For more about Bearer authentication and OAuth 2.0, refer to: