Authentication
EverReal implements OAuth 2.1 authentication standard on top of its APIs. Before you can use our SSO API, everreal has to generate a client_id and client_secret for the SSO.

Requirements

EverReal supports jwt tokens using Bearer token according to RFC-7519. This allows us to protect our information and make sure, who is requesting has correct authorization to execute the operation.
post
https://{custom_subdomain}.everreal.co
/accounts/oauth/token
Authentication
  • Make sure to store the refresh_token securely.
  • Currently the refresh_token has an expiration between 4 weeks and 2 years, it is configurable
    by EverReal for each customer. After it expires you need to re-authenticate with username and
    password
  • The access_token expires by default every hour, but also can be configurable by EverReal to
    have another expiration time (it is described by the expires_in property). Use the
    refresh_token to generate a new one if you get an unauthorized response
Bellow you can see some examples to get token correctly.
Bash
C#(RestSharp)
JS
Python
curl --location --request POST 'https://{custom_subdomain}.everreal.co/accounts/oauth/token' \
--header 'Content-Type: application/json' \
--header 'Cookie: accept-language=de-DE' \
--data-raw '{
"username": "[email protected]",
"password": "Password",
"client_id": "<Client_iD>",
"client_secret": "<Client Secret>",
"scope": "offline_access *",
"grant_type": "password"
}'
var client = new RestClient(quot;https://{custom_subdomain}.everreal.co/accounts/oauth/token");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Cookie", "accept-language=de-DE");
var body = @"{
" + "\n" +
@"""username"": ""[email protected]"",
" + "\n" +
@"""password"": ""Password"",
" + "\n" +
@"""client_id"": ""<Client_iD>"",
" + "\n" +
@"""client_secret"": ""<Client Secret>"",
" + "\n" +
@"""scope"": ""offline_access *"",
" + "\n" +
@"""grant_type"": ""password""
" + "\n" +
@"}";
request.AddParameter("application/json", body, ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);
var axios = require('axios');
var data = JSON.stringify({
"username": "[email protected]",
"password": "Password",
"client_id": "<Client_iD>",
"client_secret": "<Client Secret>",
"scope": "offline_access *",
"grant_type": "password"
});
var config = {
method: 'post',
url: `https://{custom_subdomain}.everreal.co/accounts/oauth/token`,
headers: {
'Content-Type': 'application/json',
'Cookie': 'accept-language=de-DE'
},
data : data
};
axios(config)
.then(function (response) {
console.log(JSON.stringify(response.data));
})
.catch(function (error) {
console.log(error);
});
import requests
import json
url = "https://{custom_subdomain}.everreal.co/accounts/oauth/token"
payload = json.dumps({
"username": "[email protected]",
"password": "Password",
"client_id": "<Client_iD>",
"client_secret": "<Client Secret>",
"scope": "offline_access *",
"grant_type": "password"
})
headers = {
'Content-Type': 'application/json',
'Cookie': 'accept-language=de-DE'
}
response = requests.post(url, headers=headers, data=payload)
print(response.text)
client_id and client_secret are parameter provided by EverReal
post
https://{custom_subdomain}.everreal.co
/accounts/oauth/token
Refresh token in case it expires
Use the access_token to authenticate to any protected endpoint by passing it to the “Authorization” header like this: “Authorization: Bearer MY_ACCESS_TOKEN”
get
https://{custom_subdomain}.everreal.co
/accounts/api/users/me
User information