Skip to main content
Before you can use the GBG GO API, you must authenticate your request. This involves exchanging your API client credentials for an access token, which must be included in every API call.

​
What you need

Before requesting an access token, make sure you have created an API client and have the following credentials:
  • Client ID: Identifies your API client.
  • Client secret: A secure key generated when you create the API client.
You create API clients in the Clients tab of the Account management portal. See Manage API clients for instructions.

​
Request an access token

To get your access token, send a POST request to the token endpoint using the client_credentials grant type. You can send a request like this:
BASH
curl --request POST \
  --url https://api.auth.gbgplc.com/as/token.oauth2 \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data 'grant_type=client_credentials' \
  --data 'client_id=your-client-id' \
  --data 'client_secret=your-client-secret' \
  --data 'scope=gbg.token'
If your request is successful, the API will return a response in this format:
JSON
{
  "access_token": "your-access-token",
  "token_type": "Bearer",
  "expires_in": 3600
}
Store your access token securely and refresh it when it expires. Refer to the Generate access token API reference for details on the request and response definitions.