Authentication

EverReal

Website Sign Up Support

Search…

Introduction

Authentication

EverReal implements OAuth 2.1 authentication standard on top of its APIs. Before you can use our SSO API, everreal has to generate a client_id and client_secret for the SSO.

Requirements
EverReal supports jwt tokens using Bearer token according to RFC-7519. This allows us to protect our information and make sure, who is requesting has correct authorization to execute the operation.
post
https://{custom_subdomain}.everreal.co
/accounts/oauth/token
Authentication
​
Make sure to store the refresh_token securely.
Currently the refresh_token has an expiration between 4 weeks and 2 years, it is configurable
by EverReal for each customer. After it expires you need to re-authenticate with username and
password
The access_token expires by default every hour, but also can be configurable by EverReal to
have another expiration time (it is described by the expires_in property). Use the
refresh_token to generate a new one if you get an unauthorized response
​
Bellow you can see some examples to get token correctly.
Bash
C#(RestSharp)
JS
Python
curl --location --request POST 'https://{custom_subdomain}.everreal.co/accounts/oauth/token' \
--header 'Content-Type: application/json' \
--header 'Cookie: accept-language=de-DE' \
--data-raw '{ 
"username": "[email protected]", 
"password": "Password", 
"client_id": "<Client_iD>", 
"client_secret": "<Client Secret>", 
"scope": "offline_access *", 
"grant_type": "password" 
}'
var client = new RestClient(quot;https://{custom_subdomain}.everreal.co/accounts/oauth/token");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Cookie", "accept-language=de-DE");
var body = @"{ 
" + "\n" +
@"""username"": ""[email protected]"", 
" + "\n" +
@"""password"": ""Password"", 
" + "\n" +
@"""client_id"": ""<Client_iD>"", 
" + "\n" +
@"""client_secret"": ""<Client Secret>"", 
" + "\n" +
@"""scope"": ""offline_access *"", 
" + "\n" +
@"""grant_type"": ""password"" 
" + "\n" +
@"}";
request.AddParameter("application/json", body,  ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);
var axios = require('axios');
var data = JSON.stringify({
  "username": "[email protected]",
  "password": "Password",
  "client_id": "<Client_iD>",
  "client_secret": "<Client Secret>",
  "scope": "offline_access *",
  "grant_type": "password"
});
​
var config = {
  method: 'post',
  url: `https://{custom_subdomain}.everreal.co/accounts/oauth/token`,
  headers: { 
    'Content-Type': 'application/json', 
    'Cookie': 'accept-language=de-DE'
  },
  data : data
};
​
axios(config)
.then(function (response) {
  console.log(JSON.stringify(response.data));
})
.catch(function (error) {
  console.log(error);
});
​
import requests
import json
​
url = "https://{custom_subdomain}.everreal.co/accounts/oauth/token"
​
payload = json.dumps({
  "username": "[email protected]",
  "password": "Password",
  "client_id": "<Client_iD>",
  "client_secret": "<Client Secret>",
  "scope": "offline_access *",
  "grant_type": "password"
})
headers = {
  'Content-Type': 'application/json',
  'Cookie': 'accept-language=de-DE'
}
​
response = requests.post(url, headers=headers, data=payload)
​
print(response.text)
 client_id and client_secret are parameter provided by EverReal
post
https://{custom_subdomain}.everreal.co
/accounts/oauth/token
Refresh token in case it expires
Use the access_token to authenticate to any protected endpoint by passing it to the “Authorization” header like this: “Authorization: Bearer MY_ACCESS_TOKEN”
get
https://{custom_subdomain}.everreal.co
/accounts/api/users/me
User information

Introduction

Data Imports

Last modified 11mo ago

Copy link

Outline

Refresh token in case it expires

get

User information