API Documentation

In-depth reference documentation for iQmetrix API's.

NAV

OVERVIEW

iQmetrix APIs are protected by OAuth2.

In order to make authorized requests to iQmetrix APIs, your application must first obtain an Access Token.

Postman

iQmetrix uses Postman when testing and debugging our APIs.

Click the button below to import the collection directly into Postman.

ENDPOINTS

RESOURCES

REQUESTS

Obtaining an Access Token

This request will allow you to use the access credentials you received in your onboarding package to get an Access Token.

Notes

Definition

POST /oauth2/token

Example Request

curl -X POST "https://accountsdemo.iqmetrix.net/v1/oauth2/token" -d grant_type=password&username=email@example.com&password=examplepassword&client_id=exampleclient&client_secret=examplesecret&

Request Parameters

Response Parameters

Example Response

HTTP 200 Content-Type: application/json
{
    "access_token": "3dae10c05e894011b5b3ae15972ffbf4",
    "expires_in": 43199,
    "refresh_token": "f8bk56n40f7gi34j49g7bh4n430gf874h"
}

Refreshing an Access Token

Instead of always using credentials, a client application may use the refresh token to obtain a new access token.

Notes

Definition

POST /oauth2/Token

Example Request

curl -X POST "https://accountsdemo.iqmetrix.net/v1/oauth2/Token" -d grant_type=refresh_token&client_id=exampleclient&client_secret=examplesecret&refresh_token=f8bk56n40f7gi34j49g7bh4n430gf874h&

Request Parameters

Response Parameters

Example Response

HTTP 200 Content-Type: application/json
{
    "access_token": "3dae10c05e894011b5b3ae15972ffbf4",
    "expires_in": 43199,
    "refresh_token": "f8bk56n40f7gi34j49g7bh4n430gf874h"
}

GET Access Token Information

The token info endpoint returns information about the access tokens that have been granted.

Definition

GET /oauth2/tokeninfo?access_token={Access_Token}

Example Request

GET /oauth2/tokeninfo?access_token=3dae10c05e894011b5b3ae15972ffbf4

URI Parameters

Response Parameters

Example Response

HTTP 200 Content-Type: application/json
{
    "issued_to": "ExampleClient",
    "audience": "ExampleClient",
    "scope": "IQ.User.2456",
    "expires_in": 43199
}

FAQ

What is the difference between user credentials and an Access Token?

iQmetrix APIs uses OAuth2 for authentication. In this flow, your application sends the end-user credentials (username-password), along with a client_id and client_secret to request an access token.

The end-user credentials are specific to a user account and provide an extra layer of security. The iQmetrix platform verifies your credentials and sends the Access Token in the response. An Access Token acts as a session ID that your application uses when making requests to the iQmetrix APIs.

I think my Access Token or Client Secret may have been compromised.

It is important to keep your Access Token and client credentials protected. If another user were to acquire your Access Token or client secret, then they could have the ability to call iQmerix APIs as if they were you. For example, an individual with your Access Token could see the employee profiles for your company.

If you think that your token has been compromised, you should refresh your Access Token. Refreshing your token will set the previous one as invalid. Please be aware that if you were to instead obtain a new Access Token, then the previous token would still be valid.

If you think that your client secret has been compromised, you should contact Support to reset your client secret

I received an invalid token when trying to use your APIs.

There are many reasons an invalid token could occur when requesting data from an API. The invalid token error returns in a HTTP 401 Unauthorized response in plain text format.

The most common occurences and remedies for an invalid token are below:

When trying to get a token, I see: The authorization grant type ‘ ‘ is not supported by the authorization server.

Please verify that the media (content) type is set to application/x-www-form-urlencoded, and that the request parameters are in the body of the request; not in the header.

My end-user account is locked out when obtaining an Access Token. Who do I contact?

If the end-user credentials used to obtain an access token are currently locked, contact your company administrator to unlock that end-user account.

ERRORS

HTTP Status Code Description How to Resolve
HTTP 400 unsupported_grant_type Ensure grant_type is set appropriately
HTTP 400 invalid_client Ensure client_id and client_secret are correct
HTTP 400 invalid_grant Ensure client credentials are correct. For a refresh token, ensure credentials are the same as those used to acquire the original access token
Was this page helpful?