The RevCascade API uses OAuth2 to authenticate all clients over HTTPS.

Before getting started, make sure you have your OAuth2 Client ID & Client Secret from RevCascade. You should have one set of credentials for each environment. If you do not have credentials, please contact us.

Obtaining an OAuth Access Token

To obtain an access token, you will authenticate using the "Client Credentials" grant type. Please note that the request body should be x-www-form-urlencoded as shown below:

Sample Access Token Request

Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&client_id=[[ YOUR_CLIENT_ID ]]&client_secret=[[ YOUR_CLIENT_SECRET ]]

Sample Access Token Response

HTTP/1.1 200 OK
    "access_token": "0oW0r4m1pjIlb5UJujZA5iVuse0XSn",
    "token_type": "Bearer",
    "expires_in": 36000,
    "scope": "read write"
Including the Access Token in Requests

After you have obtained an access token, you may make requests to protected endpoints by including your access token in the "Authorization" header as shown below:

Sample GET Request for a protected resource

GET /v1/retailers/500/orders/
Authorization: Bearer 0oW0r4m1pjIlb5UJujZA5iVuse0XSn