Prior to making any requests, your client software must first obtain an authentication token.

Authentication tokens are used to grant access to permitted resources based on your Thinknum service subscription. The tokens have finite expiration times at which point you must re- authenticate in order to continue accessing the platform.

To authenticate, you must first obtain a client_id and client_secret from your assigned Thinknum account manager. Your client_secret must not be shared or exposed via publicly accessible resources (such as browser client-side scripting).

Authentication Request

To get an authentication token, submit a POST request to, with your client_id and client_secret. You are also required to specify the API version you are using.

POST /api/authorize HTTP/1.1

"version": "20151130", // The version of the REST API you are using
"client_id": "01234567890123456789", // Your 20 char public client id
"client_secret": "0123456789..." // Your 40 char client secret

Authentication Response

In response to your authentication request, the /api/authorize endpoint will provide you with:

  "auth_token": "abcdef...",
  "auth_expires": "20151201T132648Z"

You do not need to re-authenticate your requests until your token expires. It is advisable that your client software should track the token expiration date to avoid re-authenticating until necessary.

Your authentication token and client id will now grant your client software access to the rest of the Thinknum platform.