Skip to main content
POST
/
auth
/
token
const formdata = new FormData();
formdata.append("username", "sam@abconsulting.com");
formdata.append("password", "password");
formdata.append("grant_type", "password");
formdata.append("client_id", "R9L25HMhvxp33N4ws2PYBqVTMclSnXKjdf8E4Mf");
formdata.append("client_secret", "NmwXR8KYjUnpqs2hwmHJHBLTNPV4x7DtZA5ScK");

const requestOptions = {
  method: "POST",
  body: formdata,
  redirect: "follow"
};

fetch("{{path}}/auth/token/", requestOptions)
  .then((response) => response.text())
  .then((result) => console.log(result))
  .catch((error) => console.error(error));

{
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expires_in": 2628288,
    "token_type": "Bearer",
    "scope": "read write",
    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
All API requests must be authenticated using a JWT token. Follow the steps below to generate your token:

Overview

Obtain a JSON Web Token (JWT) for subsequent API authentication

Endpoint Details

  • Method: POST
  • Endpoint: /auth/token/

Request

Request Parameters

Submit the following parameters as form-data in the request body:
client_id
string
required
Unique identifier for your organization, obtained from the API Credentials page
client_secret
string
required
Secret key for your organization, obtained from the API Credentials page
username
string
required
Your email address used for Wokelo login
password
string
required
Your account password used for Wokelo login
grant_type
string
required
Type of grant being requested (use "password" for credential-based authentication)

Response

Response Fields

On successful authentication (HTTP 200), the response will contain:
access_token
string
JWT for authenticated API access
expires_in
integer
Token validity duration in seconds
token_type
string
Type of authentication token
scope
string
Authorization scope of the token
refresh_token
string
Token used to obtain a new access token
  • Ensure the client_id and client_secret are kept confidential
  • Any token returned by the API is sensitive and should be stored securely. Wokelo tokens are long-lasting and should never be exposed on the client side.
  • The access token is time-limited; use the refresh token to obtain a new access token when it expires
  • Use HTTPS for all authentication requests
const formdata = new FormData();
formdata.append("username", "sam@abconsulting.com");
formdata.append("password", "password");
formdata.append("grant_type", "password");
formdata.append("client_id", "R9L25HMhvxp33N4ws2PYBqVTMclSnXKjdf8E4Mf");
formdata.append("client_secret", "NmwXR8KYjUnpqs2hwmHJHBLTNPV4x7DtZA5ScK");

const requestOptions = {
  method: "POST",
  body: formdata,
  redirect: "follow"
};

fetch("{{path}}/auth/token/", requestOptions)
  .then((response) => response.text())
  .then((result) => console.log(result))
  .catch((error) => console.error(error));

{
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expires_in": 2628288,
    "token_type": "Bearer",
    "scope": "read write",
    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}