Access Reltio APIs
Users have to obtain tokens to be able to access their tenants. These tokens are used to make API requests on behalf of the user.
In Reltio, you can obtain Access token using any one of the following methods:
- Resource Owner Password grant type
- Client Credentials
- Authorization Code
Password Grant Type
The Password Grant Type is a method used to exchange a user's Reltio credentails for an Access token. For more information, see Obtain an Access Token for SSO users, and Obtaining an Access Token with Password Grant Type.
Client Credentials
The Client Credentials method is used when applications request an Access token to access their own resources, and not on behalf of a user. In this method, the client ID and client secret are used to obtain Access tokens. For more information, see Obtaining access tokens with client credentials grant type.
Authorization Code
The Authorization Code method uses an authorization code to obtain an Access token. When the user returns to the application through a redirect URL, the application will receive an authorization code from the URL and use it to request for an Access token. For more information, see Obtain an authorization code.
Important Information regarding tokens
Consider the following points about the Access tokens and Refresh tokens:
- Access tokens expire in one hour, by default.
- Refresh tokens expire in 28 days. So, if you are planning to use a Refresh token to get the Auth token, make sure you revoke the token (by using Revoke an access token ) before it expires. Log in again, obtain a new Refresh token, and use it to obtain the Auth token.
- If you have logged into another process (for example, Reltio UI) using the same login credentials, then the Access token obtained from this client may expire earlier than the default expiration time of 1 hour.
API Error Retries
There is no retry mechanism to handle auth token failure errors, except for the 429 error
for multi tokens. For more information, see Multi Token Support.