version 1.4

2.1 Introduction

To interact securely with the Matter Partner API, you must first authenticate by obtaining an access token. This token acts as a digital key, granting authorised access to the API's endpoints and resources. Every API call requires a valid token, which ensures that only authenticated users can perform operations or retrieve data.

The authentication process begins by making a request to our token endpoint using the provided client credentials — your unique client ID and client secret. The access token you receive will be valid for 3600 seconds (one hour), after which a new token must be requested. This approach adheres to industry-standard security practices and ensures that your data remains protected throughout the session.

Endpoint

To request an access token, make a POST request to the following endpoint. This endpoint handles the authentication process and issues an access token that must be included in the Authorization header of all subsequent API requests.

Endpoint
https://api.thisismatter.com/auth/v1/token

Request method

The POST method is used to securely transmit your client ID and client secret to request an access token. This ensures sensitive information is sent safely over HTTPS, adhering to best practices for creating new authentication tokens.

Method
POST

Request

Include your API key in the request headers using the Authorization header field. Use the Basic authentication scheme with the client id and the client secret that can be found on our platform (See 1.1 Prerequisites):

Header
BasicAuth([client_id], [client_secret])

Response

Upon a successful request, the API will return a JSON-encoded response containing the following fields:

{
	'access_token': '[token]',
	'expires_in': 3600,
	'token_type': 'Bearer'
}

Token response

This table represents the details of the fields included in the response when requesting an access token from an API. Each field provides specific information required to authenticate and interact with the API.

access_token The access token to be used in subsequent API calls. String
expires_in Seconds the token is valid in. This is always 3600 seconds. Integer
token_type The type of token. This is always ‘Bearer’. String

2.2 Using authentication

All subsequent requests should include the token in the request header.

Header
Authorization: Bearer {auth_token}
Useful links
Request platform accessList of metrics (.zip)