Site Home
Guides
LoginTry for Free

Getting Access Tokens to Test Wristband APIs

Suggest Edits

In Wristband, access tokens are the primary way to authenticate API requests. Before calling a protected API, you’ll typically need to generate one. This tutorial shows how to create access tokens for manual use with tools like cURL or Postman.

Step 1: Create an OAuth 2 Client

Log in to the Wristband dashboard. From the home page, select the application that the OAuth 2 client should be provisioned under.

📘

Note

Clients can only access resources within the application they were provisioned for. When creating a client for testing API calls, be sure to create it under the application that owns the resources you need to access.

Select Application

Once inside the Application View, select "OAuth2 Clients" from the left navigation menu, then click the "Add Client" button.

OAuth2 Clients Menu

On the create client modal, select "Machine (M2M)" as the client type. Next, enter a name for the client, then click the "Create" button.

Create Client Modal

You'll immediately be shown the client ID and client secret associated with the newly created client. Copy the client secret, as it's only displayed once after creation, and you'll need it to generate an access token later.

Client ID and Secret

Step 2: Assign a Role to the OAuth 2 Client

Most APIs within Wristband require the subject accessing the API to have specific permissions granted to them. Therefore, for the OAuth 2 client to call Wristband's APIs, it must be assigned a role with the correct permissions. In this tutorial, we'll assign the predefined "Application Admin Client" role to the OAuth 2 client, which contains all the permissions needed to call any API.

📘

Note

The "Application Admin Client" role is useful for testing when you need to call any API. In production, however, follow the principle of least privilege and assign only the minimum permissions required by the OAuth2 client.

After closing the modal, select the created client from the table in the Clients UI to enter the Edit Client UI. Once inside, scroll down until you reach the "Roles" section. In the "Assigned Roles" dropdown, select "Application Admin Client" and then click the "Save" button.

Assign Role

Step 3: Generate an Access Token

While still on the Edit Client UI page, scroll up to the "Generate Access Tokens" section. Here, you will need to paste in the client secret that you copied earlier. Then, click the "New Token" button.

Generate Token

A modal will pop up and reveal your brand new access token value. Copy that off somewhere safe - this is what you need to make API requests.

Access Token

Using the Access Token to Make API Requests

To use the access token to authenticate API calls, include the access token in the Authorization header of your HTTP requests, using the Bearer authentication scheme. Below are some examples showing how to make authenticated API calls using cURL and Postman.

cURL

Below is an example of how to pass the access token to the Get User API when using cURL:

curl --request GET \
  --url https://yourapp-wristband.us.wristband.dev/api/v1/users/a3u2ixfpkvdkxcvtoidbhc5tly \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer eyJraWQiOiJiZWE0ejc0YzJmZmFqbzR4Y25lcWxhcnZ6eSIsInR5cCI6ImF0K0pXVCIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJjYXk1a2NzbmZuYTd0Zm5wc3hxamt0cnNmNCIsInZhbl9kb20iOiJ5b3VyYXBwLXdyaXN0YmFuZC5kZXYud3Jpc3RiYW5kLmRldiIsImlzcyI6Imh0dHBzOlwvXC95b3VyYXBwLXdyaXN0YmFuZC5kZXYud3Jpc3RiYW5kLmRldiIsInN1Yl9raW5kIjoiYXBwbGljYXRpb25fY2xpZW50IiwiZXhwIjoxNjk0NjY3NTk3LCJhcHBfaWQiOiJueDNjeHQ1ZmdyZnlkbXJoYmhiaXRvYW02ZSIsImlhdCI6MTY5NDU4MTE5NywianRpIjoic2llYXp0anF0emVsZmhxZDJrZHEyZHdnNWEiLCJjbGllbnRfaWQiOiJjYXk1a2NzbmZuYTd0Zm5wc3hxamt0cnNmNCJ9.tS2sxxHL9--gXPjL3p6PStDmFBbRe-vMdyBYRFKWhNvRWKe8GNP61xe55TrNoElbkfxpGvoqJlv83torqkYbMwDxdWEa14dr5XiavbrL21pH3zm65tXfZM8gDAVXdQLFMwjTGRjpy5yS0LDy0QockUYaRBZdZmZEgI0zOG2x_DHxaDxBsyqTNPOjnfV0gX4m8CzYGe6GQU4JSyOHTe8iJ8feGiW_HnTOnvwq9VuzJdSbvelpxb6ZTuAoLxnT0DOMY0jZpUZahD6bpoJohMT4EgoXhW8Ok3qV4IQ2-7ZRZNh2MIhWnmc203yUNCiYDFvyyxB0DYbWvbd08G_PBU1AUA'

Postman

Below is an example of how to pass the access token to the Get User API when using Postman. Assuming you have a collection and request set up for the Get User API, you can click on the tab navigation for "Authorization". There, you can find a dropdown select menu for authorization type. Select "Bearer Token" as the value.

Authorization in Postman

Now you should see a "Token" input field appear. Paste your access token value there. After doing so, you will be able to successfully complete your API request when you click the "Send" button.

Token Input Field

Updated 21 days ago