How to get an access token

Incode's platform includes two primary access control levels. The first level is the session token and it's scoped to an onboarding session. The second level is the executive token and this token provides access to any session, as well as privileged operations. Privileged operations include, but are not limited to operations such as, asynchronously fetching scores or other pieces of past session data, using our SMS endpoint, and fetching data after a webhook is received.

Session Tokens

A session token is returned by the omni/startAPI endpoint and is used for the immediate activities related to the Incode session it was generated for. For example, once calling the omni/start endpoint, the same token should be used to call subsequent capture and process API calls. The token returned in the omni/startresponse is used for the X-Incode-Hardware-Id header. The TTL (time to live) value of these tokens defaults to 90 days.

Executive Tokens

  • The executive token, also reffered to as an admin token, is generated from a user's password and email. The request body for the API call will like the following. You can find this information in your Incode delivery document. Supply the credentials associated with the environment that you are attempting to access data in. For example, when trying to fetch session images in the Demo environment, use your dashboard login credentials for the Demo environment. The TTL value of these tokens defaults to 24 hours.
{
"email": "[email protected]",
"password": "somePassword"
}

Response:

The response will be a token that you will use for the X-Incode-Hardware-Id header

token: String. Access token for future API calls

{  
"token": "eyJhbGciOasfasiJ9.eyJleHRl2OTg5NX0.zdbAC-kE-I71"  
}

Request Header

This is the standard request header that will be used for all API calls

  • api-version: This header is mandatory for each request. The value must be set to 1.0
  • x-api-key: This header is mandatory for each request. This is a client specific API key which should be issued by Incode. You can find this in your Incode delivery document
  • X-Incode-Hardware-Id: The value for this header is should be set after calling the omni/start endpoint or after calling the /executive/log-in endpoint