Authenticates a user using a valid username and password, and returns a pair of tokens: an access token and a refresh token.
This API allows you to create or retrieve an access token and refresh token using your Compliancely account username and password. The access_token provided must be included in the Authorization header as a Bearer token for all subsequent API requests, as shown below:
--header 'Authorization: Bearer {{access_token}}'
Request & Response Format
curl --location '{{base_url}}/api/v2/token/' \
--header 'Content-Type: application/json' \
--data-raw '{
    "username": "<username>",
    "password": "<password>"
}'
{
    "access": "<access_token>",
    "access_expiry_seconds": <expires_in_seconds>,
    "refresh": "<refresh_token>",
    "refresh_expiry_seconds": <expires_in_seconds>
}
Validity
The access_token is valid for 1 hour. After it expires, you can use the Access Token by Refresh Token endpoint to obtain a new access_token.
The refresh_token remains valid for 24 hours.
Recommendation: Use the refresh token after the access_token expires to enhance overall security.
Throttling
This API enforces throttling, allowing a maximum of 10 requests per minute (RPM). If you exceed this limit, the following error will be returned, and you will need to wait 10 minutes before retrying.
{
    "detail": "Your request has been throttled due to exceeding the allowed rate limit. Please wait for 10 minutes before trying again. If this issue persists, consider adjusting the request frequency or contact support for further assistance."
}
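The following client-side token cache is an added example, not Compliancely's own code. It applies the validity and throttling rules above: reuse the access token until it expires, then use the refresh token, log in with the password only when both have lapsed, and send nothing for 10 minutes after a throttling error. Assumptions: `login` and `refresh` are hypothetical callables that perform the HTTP requests and return the parsed JSON body (raising `Throttled` when the throttling error is returned), the refresh response is assumed to contain `access` and `access_expiry_seconds`, and the 30-second renewal margin is a choice made here.

```python
import time

THROTTLE_WAIT_SECONDS = 600  # from the page: wait 10 minutes once throttled
RENEW_MARGIN_SECONDS = 30    # assumption: renew slightly before the stated expiry


class Throttled(Exception):
    """Raised by a transport callable when the throttling error body comes back."""


class TokenCache:
    """Reuses tokens so the token endpoint is called as rarely as possible."""

    def __init__(self, login, refresh, clock=time.monotonic):
        # login() and refresh(refresh_token) are hypothetical callables that send
        # the HTTP request and return the parsed JSON body. Credentials stay
        # inside login(); this object never stores the password.
        self._login, self._refresh, self._clock = login, refresh, clock
        self._access = self._refresh_token = None
        self._access_until = self._refresh_until = self._blocked_until = 0.0

    def _store(self, body, now):
        self._access = body["access"]
        self._access_until = now + body["access_expiry_seconds"] - RENEW_MARGIN_SECONDS
        if "refresh" in body:  # the login response always carries a refresh token
            self._refresh_token = body["refresh"]
            self._refresh_until = now + body["refresh_expiry_seconds"] - RENEW_MARGIN_SECONDS

    def authorization_header(self):
        now = self._clock()
        if self._access and now < self._access_until:
            return {"Authorization": f"Bearer {self._access}"}
        if now < self._blocked_until:
            # Still inside the 10-minute penalty: fail locally, send nothing.
            raise Throttled(f"retry in {self._blocked_until - now:.0f} s")
        try:
            if self._refresh_token and now < self._refresh_until:
                body = self._refresh(self._refresh_token)
            else:
                body = self._login()
        except Throttled:
            self._blocked_until = now + THROTTLE_WAIT_SECONDS
            raise
        self._store(body, now)
        return {"Authorization": f"Bearer {self._access}"}
```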