🚀 Quick Start

This guide helps you get up and running with the Questback Public API.
You'll learn how to obtain credentials, authenticate, and make your first API call.

✅ Prerequisites

Before you begin, ensure you have the following:

• OAuth Credentials: A Client ID and Client Secret.
• HTTP Client: Any REST-capable tool such as curl, Postman, or your preferred development environment.
• Basic Knowledge: Familiarity with RESTful APIs and OAuth 2.0 authentication flows.

🔐 Obtaining OAuth Credentials

To access the API, you'll need a set of valid OAuth credentials.

1. Get Credentials from the Account Owner or Support:
   The account owner should have access to a Client ID and Client Secret.
   Alternatively, they can generate a test token for you to use.

2. Store Credentials Securely:
   Keep your credentials secure. You'll need them to request an access token.

If you are familiar with Postman use the quick start Api Tools - Postman
This will get you jump started with ready made requests to the endpoints available.
Postman guide will explain all you need to know to start testing the endpoints.

🎟️ Create an Access Token

If you have obtained your OAuth credentials you can now request an access token from the OAuth server.

in the command below replace the following variables with your personal credentials.

• YOUR_CLIENT_ID - e.g. 176917055578665108
• YOUR_CLIENT_SECRET - e.g. ytYTxWALdgBnxREAoc7zyd1X5jrYFrk6nFjYyQ6Jr7CcIEvFpTsYybMrcZ7vXAwE

Command to create a token (using curl)

curl -X POST "https://auth.questback.com/oauth/v2/token" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=client_credentials&scope=urn:zitadel:iam:org:project:id:314876184947078893:aud&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET"          

Expected Response

YOUR_ACCESS_TOKEN in the response below is expected to be random characters, similar to: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSM

💡 Note: Save the value for access_token in the response you get — you’ll need it for all subsequent API calls.

{
  "access_token": "YOUR_ACCESS_TOKEN",
  "token_type": "Bearer",
  "expires_in": 43199
}

🧪 Making Your First API Call

Use the command below to verify your token is valid and get the list of quests you have access.
In the command below replace the variable YOUR_ACCESS_TOKEN with the value for access_token from the previous response.
Note! ommit quotes (") from the access_token value.

Command to request accessible quests

curl -X GET "https://api.questback.com/v1/quests" -H "Authorization: Bearer YOUR_ACCESS_TOKEN"          

🔓 Gaining Access to Real Quests

Access to most API endpoints requires permission to specific quests.

• The /quests endpoint lists all quests you currently have access to.
• If this list is empty, the account owner must grant access to quest(s) via the API Login.
• Access is required per quest — if a quest is not returned from /quests, you cannot interact with it through the API.

🧭 Exploring the API Reference

You can explore and test endpoints interactively via the API Reference:

To test an endpoint:

1. Go to the API Reference
2. Select the endpoint you want to test.
3. Click Test Request
4. In the Authentication section, enter your access_token in the Bearer Token field.
5. Fill in any required input fields.
6. Click Send

With these steps, you're ready to begin working with the Questback Public API!