Accessing Reltio APIs

Users have to obtain tokens to be able to access their tenants. These tokens are used to make API requests on behalf of the user.

In Reltio, you can obtain Access token using any one of the following methods:

  • Resource Owner Password grant type
  • Client Credentials
  • Authorization Code

Password Grant Type

The Password Grant Type is a method used to exchange a user's Reltio credentails for an Access token. For more information, see Obtaining an Access Token for SSO Users, Enable Client Secret JWT Authentication for Clients, and Obtaining an Access Token with Password Grant Type.

Client Credentials

The Client Credentials method is used when applications request an Access token to access their own resources, and not on behalf of a user. In this method, the client ID and client secret are used to obtain Access tokens. For more information, see Obtaining access tokens with client credentials grant type.

Authorization Code

The Authorization Code method uses an authorization code to obtain an Access token. When the user returns to the application through a redirect URL, the application will receive an authorization code from the URL and use it to request for an Access token. For more information, see Authorization Example.

Important Information regarding tokens

Consider the following points about the Access tokens and Refresh tokens:

  • Access tokens expire in one hour, by default.
  • Refresh tokens expire in 28 days. So, if you are planning to use a Refresh token to get the Auth token, make sure you revoke the token (by using /revoke API) before it expires. Log in again, obtain a new Refresh token, and use it to obtain the Auth token.
  • If you have logged into another process (for example, Reltio UI) using the same login credentials, then the Access token obtained from this client may expire earlier than the default expiration time of 1 hour.

API Error Retries

There is no retry mechanism to handle auth token failure errors, except for the 429 error for multi tokens. For more information, see Multi Token Support.