Skip to main content

Authorization

The Standards API is protected with OAuth 2.0 and supports interactive and service login for retrieving access tokens. For both scenarios, you will need an API key which can be created from your workspace settings page in the Standards app.

Service login

Service login uses the client credentials OAuth flow to retrieve an access token without user interaction. To perform this action, POST a request to the Standards OAuth server’s token endpoint at https://api.standards.site/oauth/token with form encoding and these fields:
  • grant_type For service login, this should be set to client_credentials
  • resource This is a URL in the format https://api.standards.site/workspace/$WORKSPACE_ID where $WORKSPACE_ID is the id of the workspace for which access is being requested. Your id can be taken from the URL of your workspace when logged in to the Standards app. As an example, the URL may be https://app.standards.site/workspace/2e8cbaff83a in which case $WORKSPACE_ID is 2e8cbaff83a
  • client_id The ID you were given after creating an API key to identify the API key to use for authentication
  • client_secret The secret value for the same API key
The server will respond with a JSON object containing these properties:
  • access_token A string containing the access token to send in the Authorization header as a bearer token in API requests
  • token_type This will always be the string Bearer, indicating access_token is to be used as a bearer token
  • expires_in The number of seconds the token can be used before a new one will need to be retrieved
  • scope A space separated list of scopes that have been granted for the token, as defined by the API key
  • resource The resource the token is authorized to access, which matches the resource sent with the request

Interactive login

Coming soon

Testing the API

To retrieve an access token for testing, use one of the following commands depending on your platform. You will be prompted to enter the Workspace ID, Client ID, and Client Secret and the full JSON response, including the access token will be printed. 
printf "Workspace ID: "; read WORKSPACE_ID
printf "Client ID: "; read CLIENT_ID
printf "Client Secret: "; read -s CLIENT_SECRET; echo
curl -sS -X POST "https://api.standards.site/oauth/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  --data-urlencode "grant_type=client_credentials" \
  --data-urlencode "client_id=$CLIENT_ID" \
  --data-urlencode "client_secret=$CLIENT_SECRET" \
  --data-urlencode "resource=https://api.standards.site/workspace/$WORKSPACE_ID"
This access token can be used in the API reference to explore the various endpoints. From the reference page for any endpoint, click the try it button to open a dialog where you can paste the access token, set any other required paramaters, send the request, and see the response. All requests will require the workspace ID, requests for project information will require the project id, and requests for page information will require the page id.
  • workspace-id This is the same value that was used to retrieve the access token
  • project-id Use the list projects endpoint to retrieve the ids for all projects in the workspace
  • page-id Use the list pages endpoint to retrieve the ids for all pages in the project