logo

    Authentication

    API Key Authentication

    ReshScore's API key authentication is the simplest way to authenticate API requests. After generating an API key from your dashboard, you can include it in the HTTP headers of your request to access the API endpoints.

    Steps to authenticate with an API key:

    1. Generate an API Key: Log into your account on ReshScore and navigate to the 'API' section. Generate a new API key.
    2. Add the API Key to Your Request Headers: Include the API key in your request's 'Authorization' header like so:
    Authorization: Bearer YOUR_API_KEY

    Example of a curl request using the API key:

    curl -X GET 'https://api.reshscore.com/v1/credit-score/{userId}' \
-H 'Authorization: Bearer YOUR_API_KEY'

    Important: Keep your API key private. Do not expose it in public repositories or share it with others. If your API key is compromised, regenerate it immediately in your dashboard.

    OAuth2 Authentication

    For more secure and scalable authentication, ReshScore supports OAuth2, a widely used authentication framework that allows secure authorization for accessing resources without sharing credentials.

    Steps to authenticate using OAuth2:

    1. Register your application: In the ReshScore dashboard, register your application to get a client ID and client secret.
    2. Request an access token: Make a POST request to the OAuth2 token endpoint using your client ID and secret to receive an access token.

    Example request:

    curl -X POST 'https://api.reshscore.com/oauth/token' \
-d 'client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=client_credentials'
    1. Use the access token: Include the access token in your request headers like so:
    Authorization: Bearer ACCESS_TOKEN

    Example of a curl request with OAuth2:

    curl -X GET 'https://api.reshscore.com/v1/credit-score/{userId}' \
-H 'Authorization: Bearer YOUR_ACCESS_TOKEN'

    Note: Access tokens are temporary and must be refreshed when they expire.

    Token Expiration and Refresh

    Access tokens obtained via OAuth2 have a limited lifespan for security reasons. When a token expires, you must refresh it to continue accessing the API.

    How to know when a token expires:

    • The API will return a 401 Unauthorized response when your access token has expired.
    • The expiration time is included in the token response as the expires_in field, which specifies the number of seconds the token is valid.

    Steps to refresh a token:

    1. When the access token expires, make a POST request to the OAuth2 token endpoint using your refresh token to obtain a new access token.

    Example request:

    curl -X POST 'https://api.reshscore.com/oauth/token' \
-d 'client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=refresh_token&refresh_token=YOUR_REFRESH_TOKEN'
    1. Use the new access token in your subsequent API requests.

    Best Practices:

    • Always store both the access token and refresh token securely.
    • Refresh the token before it expires to prevent interruption in API calls.
    • Regularly monitor token expiration and handle it gracefully in your code to avoid downtime.

    Error Handling in Authentication

    Authentication errors can occur for several reasons, such as expired tokens, invalid API keys, or missing credentials. Here’s how to handle common authentication errors.

    1. 401 Unauthorized:

    • Cause: This error usually occurs when the API key or access token is missing, invalid, or expired.
    • Solution: Ensure that the correct API key or access token is included in the 'Authorization' header. If using OAuth2, refresh the access token if it has expired.

    2. 403 Forbidden:

    • Cause: This occurs when the authenticated user does not have permission to access the requested resource.
    • Solution: Check the user's permissions and ensure they are authorized to access the specific endpoint.

    3. 400 Bad Request:

    • Cause: This is caused by an invalid or improperly formatted request.
    • Solution: Double-check the request syntax, parameters, and headers to ensure they are correct.

    4. 500 Internal Server Error:

    • Cause: This usually indicates an issue on the server side.
    • Solution: Contact support if this error persists. In most cases, the issue will be resolved automatically.

    Best Practices for Error Handling:

    • Implement retries with exponential backoff for transient errors.
    • Log all API errors with details for debugging and tracking.
    • Regularly monitor your API usage and ensure that all tokens and credentials are up-to-date.
    Getting StartedEndpoints Overview