API Overview
This document provides a detailed user guide and reference documentation on the Sinch Provisioning API. The Sinch Provisioning API allows you to programmatically set up your senders, accounts and templates on your favorite messaging platforms on the Conversation API. For now, you can create your first WhatsApp channel through Meta's Embedded sign up, you can configure your first SMS App and configure your webhooks. As development continues, we will be adding the most commonly used channels.
You can also download the Postman collections for Provisioning API here:
If you have any questions around the documentation or the API please contact Sinch support.
Authentication
Provisioning API supports both basic and OAuth2 authentication types.
Basic
HTTP Basic authentication works on all Sinch REST APIs. Basic auth is often the preferred option for testing because it is simple and easy to use.Important!
Basic authentication is intended for test purposes only, and should only be used for experimenting with APIs and building prototypes. API calls using basic authentication are heavily rate limited, and these limits may change at any time without warning. Production systems should use OAuth access tokens instead.
Basic authentication is sent in the authorization header with each call.
No matter the programming language, there are three main components for successful basic authentication in a request:
- The designation of authorization type, which is
basic
- The
username
, which in Sinch's case isYOUR_Key_ID
, corresponding to your project - The
password
, which isYOUR_Key_Secret
, again, corresponding to the project
Need help?
To use basic auth in an API call, do the following:
- First, create a new access key in the Customer Dashboard by clicking New Key.If you are using the beta version of the Customer Dashboard, create a new access key here instead.
- Copy your project ID, key ID, and key secret.
Important:
Keep your key secret somewhere safe as it is only viewable upon initial project creation. The project ID and key ID are always readily available in the Customer Dashboard. If you misplace your key secret, simply generate a new key!
- Use your key ID as the username (sometimes called the
client_id
) and your key secret as the password (can be referred to as theclient_secret
) in every call made to a Sinch API.
OAuth2
Achieve more secure API authentication with OAuth 2.0 access tokens.
Access tokens are short lived. Typically, they will only last one hour. This is done to keep your data (and ours) safer.
In exchanging credentials, you'll get a long string called an access token. This access token will serve as your bearer token in the authorization header of API calls.
Find your credentials in the Sinch Customer Dashboard. Or here if you're using the beta version of the Customer Dashboard.There are two pieces of information needed to obtain an access token: the key ID and key secret corresponding to your project ID.
To get an access token, do the following:
- Login to the Sinch Client Dashboard to get your access keys. If you're using the beta version of our dashboard, click here instead.
- Click on New Key and when prompted, enter a display name, then click Confirm.
Does it have to be a new key?
Not at all. If you have existing credentials saved, feel free to use them.
- A Key ID and Key Secret will display. Save the project ID, key ID, and key secret someplace safe.
Important:
The key secret is only viewable at the time of initial creation.
If you accidentally misplace they key secret, no worries! Create a new key.
- Using the following curl command, get your access token using the key ID and key secret.
curl https://auth.sinch.com/oauth2/token \ -d grant_type=client_credentials \ -u YOUR_Key_ID:YOUR_Key_Secret
- You'll see your new access token in the response. Now you're ready to use this token on calls to the API. The access token will be useable for one hour.
Short lived
The access token is meant to be short lived for enhanced security. Generate one as often as it is necessary.
Base URL
The following URL can be used when making calls to the Provisioning API:
Server | URL |
---|---|
Provisioning API (Global Production) | https://provisioning.api.sinch.com |