Get an access token

To call the Data Access API, include an access token in every request.

To get an access token, first create an API client in Pricing Plus. Then get a token in one of the following ways:

• Generate a token in Pricing Plus

• Request a token by sending a POST request

Note

Access tokens expire in 60 minutes. Cache the token and reuse it until it expires instead of requesting a new token for every API call.

Before you begin

Make sure that:

• You can sign in to Pricing Plus

• You have the Admin role in the app

Create an API client

Before you can generate an access token, create an API client in Pricing Plus.

1. Sign in to Zilliant at https://login.myzilliant.com.

2. In the left navigation panel, select Settings to view the Admin Configuration page.

3. Select API Clients, then select Add Client.

4. Enter client name and description.

5. From the Client Permission dropdown, select Read Data Access API.

6. Select Add.

7. Copy the Client ID and Client Secret and save them in a secure location, such as a password manager.

8. Select Done.

You need the client ID and client secret to get an access token.

Generate a token in the app

Use this method for manual testing or for exploring the API.

1. In Pricing Plus, select Settings > API Clients.

2. On the client row, select Generate Token.

3. Enter the Client Secret, then select Generate Token.

4. Copy the token, then select Done.

When you call the Data Access API, include this token in the Authorization header as a bearer token:
Authorization: Bearer <access_token>

Request a token by sending a POST request

Use this method when your integration needs to get a token automatically without user interaction.

This is the recommended approach for automated jobs, such as scheduled daily or weekly data pulls.

Send the token request

Send a POST request to the following endpoint:
https://auth.{yourApiHost}/oauth2/token

The request must:

• Use the POST method

• Include API host for your customer environment

• Include the Content-Type: application/json header

• Include your API client ID and secret

Request body fields

Include these fields in the JSON request body:

• client_id—Your API client ID from Pricing Plus.

• client_secret—Your API client secret from Pricing Plus.

• grant_type—The OAuth grant type. Set this parameter to client_credentials.

Example request

curl --request POST \
  --url https://auth.myzilliant.com/oauth2/token \
  -H 'Content-Type: application/json' \
  -d '{
    "client_id": "<api_client_ID>",
    "client_secret": "<api_client_secret>",
    "grant_type": "client_credentials"
  }'

Use the access token

The token request sends your client credentials to the authentication service and returns a bearer token.

Include the token in the Authorization header of each Data Access API request:
Authorization: Bearer <access_token>

Cache tokens

Do not request a new access token for every API call. Instead, cache the token and reuse it until it expires. This reduces unnecessary token requests and makes your integration more efficient.

Your caching strategy depends on how your application runs:

• If your integration runs as a single process, an in-memory cache is usually enough.

• If your integration runs across multiple containers or instances, use a shared distributed cache, such as Redis.

When the token expires after 60 minutes, regenerate it to send further API requests.