Authentication
To access the Questback Public API, you must authenticate using a Bearer token. This token acts as a secure credential and must be included in the Authorization header of every request. Bearer tokens are commonly used in OAuth 2.0 and provide a safe, token-based mechanism to prove your identity without repeatedly sending credentials.
Bearer tokens grant access to protected resources. Handle them with care.
Keep Your Token Safe
Never expose your token in:
- Public code repositories (e.g., GitHub)
- Client-side JavaScript or browser storage
- Unsecured environments or logs
Tokens should only be stored securely and accessed by trusted backend services.
Example Request Using a Bearer Token
Include the Bearer token in the Authorization header of your request:
GET https://api.questback.com/v1/<RESOURCE>
Authorization: Bearer <YOUR_SECRET_TOKEN>
This header ensures that your request is authenticated and authorized.
Obtaining a Bearer Token
To authenticate with the Questback Public API, first obtain a Bearer token by sending a POST request to the token endpoint using the Client Credentials Grant.
To receive your client_id and client_secret, contact the account owner to set up the API Login.
Token Request
POST https://auth.questback.com/oauth/v2/token
Content-Type: application/x-www-form-urlencoded
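Request body (parameters are shown as key/value pairs; send them form-encoded, as the Content-Type header indicates):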
{
"grant_type": "client_credentials",
"client_id": "CLIENT_ID",
"client_secret": "CLIENT_SECRET",
"scope": "urn:zitadel:iam:org:project:id:314876184947078893:aud"
}
Successful Response
If the request is valid, the response will include an access_token:
{
"access_token": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "Bearer",
"expires_in": 3600
}
Use the access_token value in the Authorization header for all subsequent requests.
More Information
For more about Bearer authentication and OAuth 2.0, refer to: