Authentication
Learn how to authenticate API requests using access tokens obtained through the OAuth 2.0 flow.
Making Authenticated Requests
Include the access token in the Authorization header of your API requests:
API Request with Bearer Token
curl -X GET "https://api.orbitforms.ai/v1/forms" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json"
Token Expiration
Access tokens expire after 1 hour
Use the refresh token to obtain a new access token without requiring the user to re-authorize.
To refresh an expired access token:
Refresh Token Request
curl -X POST "https://orbitforms.ai/oauth/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=refresh_token" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET" \
-d "refresh_token=YOUR_REFRESH_TOKEN"
Authentication Errors
| Status | Error | Solution |
|---|---|---|
| 401 | invalid_token | Token is expired or invalid. Refresh the token. |
| 401 | token_expired | Use your refresh token to get a new access token. |
| 403 | insufficient_scope | Request additional scopes from the user. |
| 429 | rate_limited | Too many requests. Implement exponential backoff. |
Best Practices
Store tokens securely
Never expose tokens in client-side code or logs.
Proactively refresh
Refresh tokens before they expire to avoid interruptions.
Handle errors gracefully
Implement proper error handling for auth failures.
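The refresh request, error table and best practices above combined into one client, as an added example that is not Orbit Forms' own code. The `send` transport hook, the `OrbitAuth` name and the token response fields `access_token`, `expires_in` and `refresh_token` (standard OAuth 2.0, RFC 6749) are assumptions not shown on this page.

```python
import random
import time

API = "https://api.orbitforms.ai/v1"
TOKEN_URL = "https://orbitforms.ai/oauth/token"

class OrbitAuth:
    """Keeps an access token fresh and retries per the error table above.

    `send(method, url, headers, form)` -> (status, json_dict) is a hypothetical
    transport hook; wrap your HTTP library of choice in it.
    """
    def __init__(self, send, client_id, client_secret, refresh_token,
                 clock=time.monotonic, sleep=time.sleep, skew=60):
        self.send, self.clock, self.sleep, self.skew = send, clock, sleep, skew
        self.creds = {"client_id": client_id, "client_secret": client_secret}
        self.refresh_token = refresh_token
        self.access_token, self.expires_at = None, 0.0

    def refresh(self):
        form = dict(self.creds, grant_type="refresh_token",
                    refresh_token=self.refresh_token)
        status, body = self.send("POST", TOKEN_URL,
            {"Content-Type": "application/x-www-form-urlencoded"}, form)
        if status != 200:
            # Never put token or secret values into the exception text.
            raise PermissionError(f"token refresh failed: HTTP {status}")
        self.access_token = body["access_token"]
        # Assumed RFC 6749 fields; fall back to the documented 1 hour lifetime.
        self.expires_at = self.clock() + body.get("expires_in", 3600)
        # If the server rotates refresh tokens (assumption), keep the new one.
        self.refresh_token = body.get("refresh_token", self.refresh_token)

    def request(self, method, path, max_tries=5):
        refreshed = False
        for attempt in range(max_tries):
            if self.clock() >= self.expires_at - self.skew:
                self.refresh()            # proactive: before the token expires
            status, body = self.send(method, API + path,
                {"Authorization": f"Bearer {self.access_token}"}, None)
            if status == 401 and not refreshed:
                self.expires_at, refreshed = 0.0, True   # force one refresh
            elif status == 429:
                self.sleep(min(2 ** attempt, 30) + random.random())  # backoff + jitter
            else:
                return status, body       # success, 403, or a repeated 401
        return status, body
```

A second 401 after a fresh token and any 403 are returned to the caller rather than retried, since neither is fixed by refreshing again.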