Authentication Guide

Accessing the Wurl API requires your application to make authenticated requests.

This guide provides examples of granting access and making authenticated requests.

Obtaining a client token

An application can request an access token using its application_id and secret. This token will allow you to access the API without having to constantly provide your application's secret.

To retrieve the token, perform a POST to /oauth/token and provide the grant_type, client_id and client_secret parameters.

$ curl -X POST -d grant_type="client_credentials" \
   -d client_id=APPLICATION_ID \
   -d client_secret=SECRET \
   'https://api.wurl.com/oauth/token'

{
  "access_token":"b9c74646f3d896fd8b22f8c7b0242ec6465001fa5c559d2f71",
  "token_type":"bearer",
  "scope":"watch",
  "created_at":1491597287
}

Authenticate with a token

Once you have been granted an access token, you must provide the token for all requests.

The recommended method of providing your access token is via the Authorization header as a bearer token.

$ curl -H 'Authorization: Bearer ace9e2216d81159e76a4d4917a2d2afe888dd2349d408f2f' \
  'https://api.wurl.com/api'

If your HTTP Client does not allow you to specify the header, we also support passing your token via an access_token query parameter:

$ curl 'https://api.wurl.com/api?access_token=ace9e2216d81159e76a4d4917a2d2afe888dd2349d408f2f'

Typically using the access_token query parameter is useful for browsing the API in a browser.

In your application, we strongly recommend using the header because it allows you to utilize the URLs provided in API responses without having to append query parameters.

The Wurl API follows the Hypermedia pattern. Therefore, Wurl reserves the right to change the URL namespace and format. If you find yourself modifying the URLs in the API responses your client may become brittle to changes in URL structure unless it has very robust methods of modifying URLs.

Authentication Guide

Accessing the Wurl API requires your application to make authenticated requests.

This guide provides examples of granting access and making authenticated requests.

Obtaining a client token

An application can request an access token using its application_id and secret. This token will allow you to access the API without having to constantly provide your application's secret.

To retrieve the token, perform a POST to /oauth/token and provide the grant_type, client_id and client_secret parameters.

$ curl -X POST -d grant_type="client_credentials" \
   -d client_id=APPLICATION_ID \
   -d client_secret=SECRET \
   'https://api.wurl.com/oauth/token'

{
  "access_token":"b9c74646f3d896fd8b22f8c7b0242ec6465001fa5c559d2f71",
  "token_type":"bearer",
  "scope":"watch",
  "created_at":1491597287
}

Authenticate with a token

Once you have been granted an access token, you must provide the token for all requests.

The recommended method of providing your access token is via the Authorization header as a bearer token.

$ curl -H 'Authorization: Bearer ace9e2216d81159e76a4d4917a2d2afe888dd2349d408f2f' \
  'https://api.wurl.com/api'

If your HTTP Client does not allow you to specify the header, we also support passing your token via an access_token query parameter:

$ curl 'https://api.wurl.com/api?access_token=ace9e2216d81159e76a4d4917a2d2afe888dd2349d408f2f'

Typically using the access_token query parameter is useful for browsing the API in a browser.

In your application, we strongly recommend using the header because it allows you to utilize the URLs provided in API responses without having to append query parameters.

The Wurl API follows the Hypermedia pattern. Therefore, Wurl reserves the right to change the URL namespace and format. If you find yourself modifying the URLs in the API responses your client may become brittle to changes in URL structure unless it has very robust methods of modifying URLs.