API Reference Overview

Authentication

OAuth2.0 authentication

Achieve more secure API authentication with OAuth 2.0 access tokens.

Access tokens are short lived. Typically, they will only last one hour. This is done to keep your data (and ours) safer.

In exchanging credentials, you'll get a long string called an access token. This access token will serve as your bearer token in the authorization header of API calls.

Find your credentials in the Sinch Customer Dashboard.

There are two pieces of information needed to obtain an access token: the key ID and key secret corresponding to your project ID.

To get an access token, do the following:

1. Login to the Sinch Client Dashboard to get your access keys .
2. Click on Create Access Key and when prompted, enter a display name, then click Confirm .

   Does it have to be a new key?

   Not at all. If you have existing credentials saved, feel free to use them.

3. A Key ID and Key Secret will display. Save the project ID, key ID, and key secret someplace safe.

   Important:

   The key secret is only viewable at the time of initial creation.

   If you accidentally misplace they key secret, no worries! Create a new key.

4. Using the following curl command, get your access token using the key ID and key secret.
   Copy

   Copied

   curl https://auth.sinch.com/oauth2/token \
   -d grant_type=client_credentials \
   -u YOUR_Key_ID:YOUR_Key_Secret

5. You'll see your new access token in the response. Now you're ready to use this token on calls to the API. The access token will be useable for one hour.

Best practice

It is recommended to re-new the access tokens before they expire. This ensures a seamless switch between old and new access tokens. We recommend generating a new access token if it's older than 80% of it's total time to live. It is often good enough for the application to refresh the token on a schedule (for example every 5 minutes) wihtout tracking the actual expiry time.

Basic authentication

HTTP Basic authentication works on all Sinch REST APIs. Basic auth is often the preferred option for testing because it is simple and easy to use.

Basic authentication is sent in the authorization header with each call.

No matter the programming language, there are three main components for successful basic authentication in a request:

• The designation of authorization type, which is basic
• The username , which in Sinch's case is YOUR_Key_ID , corresponding to your project
• The password , which is YOUR_Key_Secret , again, corresponding to the project

You can view and manage your API credentials here.

To use basic auth in an API call, do the following:

1. First, create a new access key in the Customer Dashboard by clicking Create Access Key .
2. Copy your project ID , key ID , and key secret .

   Important:

   Keep your key secret somewhere safe as it is only viewable upon initial project creation. The project ID and key ID are always readily available in the Customer Dashboard. If you misplace your key secret, simply generate a new key!

3. Use your key ID as the username (sometimes called the client_id ) and your key secret as the password (can be referred to as the client_secret ) in every call made to a Sinch API.

Server URL

The server URL is account.api.sinch.com.

JSON

JSON (application/json) is the content type of both requests and responses if not otherwise specified.

Requests with invalid JSON will be rejected.

Status codes

A summary of status codes can be found on the error codes page.

New features

New features might result in additional request and response parameters. New request parameters will either have a default value or be considered optional to retain backwards compatibility.