Authentication

Get started with the Ottimate API

The Ottimate API uses OAuth2 Client Credentials with an API Key. Both the X-API-Key and Authorization: Bearer headers are required on all API requests.

Getting Started

Step 1: Account Onboarding

Ensure your client account is properly onboarded with all features configured by Ottimate.

Step 2: Obtain API Key

Your Ottimate Partner Manager will provision an API Key for each client account. If you’re a system integrator working with multiple clients, each account will have a separate key.

Step 3: Create OAuth Application

Currently, your Ottimate Partner Manager will create an OAuth application and provide you with:

  • Client ID
  • Client Secret

Keep your Client Secret secure. Never expose it in client-side code or version control.

Step 4: Request Access Token

Exchange your credentials for an access token:

curl -X POST https://sandbox-api.ottimate.com/v1/oauth/token \
     -H "X-API-Key: YOUR_API_KEY" \
     -H "Content-Type: application/x-www-form-urlencoded" \
     -d "grant_type=client_credentials" \
     -d "client_id=YOUR_CLIENT_ID" \
     -d "client_secret=YOUR_CLIENT_SECRET" \
     -d "scope=accounts.can_access_dashboard"

Response:

{
  "access_token": "Ou1iHg7dBwcUdAugFU1vbWQjXWAwhg",
  "expires_in": 31536000,
  "token_type": "Bearer",
  "scope": "accounts.can_access_dashboard"
}

Currently, only the accounts.can_access_dashboard scope is supported.

Making API Requests

Include both headers in all requests:

curl -X GET https://sandbox-api.ottimate.com/v1/vendors \
     -H "X-API-Key: YOUR_API_KEY" \
     -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Environments

Environment   Base URL
Sandbox       https://sandbox-api.ottimate.com/v1
Production    https://api.ottimate.com/v1

Token Management

Access tokens expire after the duration specified in expires_in. Cache your token and request a new one when it expires or when you receive a 401 Unauthorized response.
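One way to implement the caching and refresh behaviour described above, as an added example (not Ottimate's own client code). It keeps the token in memory, refreshes it shortly before expires_in elapses, retries once after a 401 Unauthorized, and reads secrets from the environment rather than from source. Assumptions: the names TokenCache, http_send and from_env, the OTTIMATE_* environment variable names, and the 60-second refresh margin are hypothetical.

```python
import json, os, time
import urllib.error, urllib.parse, urllib.request

BASE_URL = "https://sandbox-api.ottimate.com/v1"  # sandbox base URL from this page

def http_send(method, url, headers, form=None):
    """Default transport (stdlib only): returns (status, parsed JSON body)."""
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, {}

class TokenCache:
    """Hypothetical helper: caches the access token, refreshes on expiry or 401."""
    def __init__(self, api_key, client_id, client_secret, send=http_send, skew=60):
        self.api_key, self.client_id, self.client_secret = api_key, client_id, client_secret
        self.send, self.skew = send, skew  # skew: refresh margin in seconds (assumption)
        self.token, self.expires_at = None, 0.0

    def _fetch_token(self):
        status, body = self.send("POST", BASE_URL + "/oauth/token",
            {"X-API-Key": self.api_key,
             "Content-Type": "application/x-www-form-urlencoded"},
            {"grant_type": "client_credentials", "client_id": self.client_id,
             "client_secret": self.client_secret,
             "scope": "accounts.can_access_dashboard"})
        if status != 200 or "access_token" not in body:
            # Report only the status code so secrets never reach logs.
            raise RuntimeError(f"token request failed with HTTP {status}")
        self.token = body["access_token"]
        self.expires_at = time.time() + body["expires_in"] - self.skew

    def request(self, method, path):
        for _ in range(2):  # at most one forced refresh after a 401
            if self.token is None or time.time() >= self.expires_at:
                self._fetch_token()
            status, body = self.send(method, BASE_URL + path,
                {"X-API-Key": self.api_key, "Authorization": f"Bearer {self.token}"})
            if status != 401:
                break
            self.token = None  # cached token was rejected: drop it and retry once
        return status, body

def from_env():
    """Reads secrets from the environment (variable names are assumptions)."""
    return TokenCache(os.environ["OTTIMATE_API_KEY"], os.environ["OTTIMATE_CLIENT_ID"],
                      os.environ["OTTIMATE_CLIENT_SECRET"])
```

The send parameter accepts any callable with the same signature as http_send, which lets the refresh logic be exercised against a stub without network access.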