Getting access tokens to test Wristband APIs

In Wristband, JWT access tokens are the primary means of authorization when attempting to access protected API resources. You can interact with any Wristband APIs in a programmatic way using tools such as cURL, Postman, or other command-line interfaces. In order to do so, you will need to first generate an access token which can be passed as a bearer token in the Authorization HTTP request header.

Generating Access Tokens

To generate access tokens, it is assumed that you have already done the following actions beforehand:

  1. You signed up for a Wristband account.
  2. You created an application in the Wristband dashboard.

Here are the steps to find where to generate access tokens.

Step 1: Navigate to OAuth2 Clients

Log into the Wristband dashboard. From the home page, select the application for which you want to test API calls:

Select Application

Once inside the Application View layout for your application, choose the "OAuth2 Clients" menu from the side navigation menu:

OAuth2 Clients Menu

Step 2: Create a Machine-to-Machine OAuth2 Client

Click the "Create Client" button. Once inside the modal, select the "Machine to Machine" client type at the top. Enter any name and description that you wish to give to this client, and then click the "Create" button.

Create Client Modal

You'll immediately be shown the client ID and client secret associated with the newly created client. Copy down the client secret somewhere safe -- you'll need this to generate access tokens.

Client ID and Secret

Step 3: Assign a Role to the OAuth2 Client

With Wristband's authorization model, roles and permissions can be assigned to OAuth2 Clients as well as Users. In order to allow this client the necessary permissions required to access APIs, you will need to assign it a role.

After closing the modal, select the new client from the table in the Clients UI to enter the Edit Client UI. Once inside, scroll down until you reach the "Roles" section. For convenience, Wristband provides an "Application Admin Client" role which grants full API access for everything under your application. Select that role and click the "Save" button.

Note: You can always create and assign other roles with different permissions at any time if you wish to restrict this client's access even further.

Assign Role

Step 4: Generate a Token

While still on the Edit Client UI page, scroll up to the "Generate Access Tokens" section. Here, you will need to paste in the client secret that you copied earlier. Then, click the "New Token" button.

Generate Token

A modal will pop up and reveal your brand new access token value. Copy that off somewhere safe -- this is what you need to make API requests.

Access Token

Making API Requests

The access token value should be placed in the Authorization header of your HTTP requests to the APIs you are trying to access. It should specify Bearer authentication as the HTTP authentication scheme.

cURL

Here is an example of how to pass the access token to the Get User API in the Wristband platform when using cURL:

curl --request GET \
  --url https://yourapp-wristband.us.wristband.dev/api/v1/users/a3u2ixfpkvdkxcvtoidbhc5tly \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer eyJraWQiOiJiZWE0ejc0YzJmZmFqbzR4Y25lcWxhcnZ6eSIsInR5cCI6ImF0K0pXVCIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJjYXk1a2NzbmZuYTd0Zm5wc3hxamt0cnNmNCIsInZhbl9kb20iOiJ5b3VyYXBwLXdyaXN0YmFuZC5kZXYud3Jpc3RiYW5kLmRldiIsImlzcyI6Imh0dHBzOlwvXC95b3VyYXBwLXdyaXN0YmFuZC5kZXYud3Jpc3RiYW5kLmRldiIsInN1Yl9raW5kIjoiYXBwbGljYXRpb25fY2xpZW50IiwiZXhwIjoxNjk0NjY3NTk3LCJhcHBfaWQiOiJueDNjeHQ1ZmdyZnlkbXJoYmhiaXRvYW02ZSIsImlhdCI6MTY5NDU4MTE5NywianRpIjoic2llYXp0anF0emVsZmhxZDJrZHEyZHdnNWEiLCJjbGllbnRfaWQiOiJjYXk1a2NzbmZuYTd0Zm5wc3hxamt0cnNmNCJ9.tS2sxxHL9--gXPjL3p6PStDmFBbRe-vMdyBYRFKWhNvRWKe8GNP61xe55TrNoElbkfxpGvoqJlv83torqkYbMwDxdWEa14dr5XiavbrL21pH3zm65tXfZM8gDAVXdQLFMwjTGRjpy5yS0LDy0QockUYaRBZdZmZEgI0zOG2x_DHxaDxBsyqTNPOjnfV0gX4m8CzYGe6GQU4JSyOHTe8iJ8feGiW_HnTOnvwq9VuzJdSbvelpxb6ZTuAoLxnT0DOMY0jZpUZahD6bpoJohMT4EgoXhW8Ok3qV4IQ2-7ZRZNh2MIhWnmc203yUNCiYDFvyyxB0DYbWvbd08G_PBU1AUA'

Postman

Here is an example of how to pass the access token to the Get User API in the Wristband platform when using Postman. Assuming you have a collection and request set up for the Get User API, you can click on the tab navigation for "Authorization". There you can find a dropdown select menu for authorization type. Select "Bearer Token" as the value.

Authorization in Postman

Now you should see a "Token" input field appear. Paste your access token value there. After doing so, you will be able to successfully complete your API request when you click the "Send" button.

Token Input Field