Refer to the Authentication Guide for the recommended process.

This API allows you to create or retrieve an access token and refresh token using your Compliancely account username and password. The access_token provided must be included in the Authorization header as a Bearer for all subsequent API requests, as shown below

--header 'Authorization: Bearer {{access_token}}'

Request & Response Format

curl --location '{{base_url}}/api/v2/token/' \
--header 'Content-Type: application/json' \
--data-raw '{
    "username": "<username>",
    "password": "<password>"
}'

{
    "access": "<access_token>",
    "access_expiry_seconds": <expires_in_seconds>,
    "refresh": "<refresh_token>",
    "refresh_expiry_seconds": <expires_in_seconds>
}

Validity

The access_token is valid for 1 hour. After it expires, you can use the Access Token by Refresh Token endpoint to obtain a new access_token.
The refresh_token remains valid for 24 hours.

Recommendation: Use the refresh token after the access_token expires to enhance overall security.

Throttling

This API enforces throttling, allowing a maximum of 10 requests per minute (RPM). If you exceed this limit, the following error will be returned, and you will need to wait 10 minutes before retrying.

{  
    "detail": "Your request has been throttled due to exceeding the allowed rate limit. Please wait for 10 minutes before trying again. If this issue persists, consider adjusting the request frequency or contact support for further assistance."  
}

200Returns access and refresh token along with their expiry times in seconds.

400Error response containing a list of error objects

401Error response for invalid username or password

403Error response indicating an issue with the user's account

405Method not allowed error response.

415Error response for unsupported media type in the request

429Throttling error response indicating the rate limit has been exceeded.