Access Token


A customer will be given an "access_token".  The access_token, also known as a bearer token, must be sent as an http header with all API requests.


The Dsco APIs authorize access using a specific form of OAuth 2 called 2-legged OAuth. Each Dsco customer will be provided an access_token which uniquely authorizes a customer to access the Dsco APIs. While care should be taken to protect the access_token, Dsco can generate a new access_token on behalf of a customer at any time. The customer's access_token must accompany each HTTP request, as a request header (more on this below).

 All requests must make use of industry standard SSL (https://) to protect the sensitive data in the request and response.

Request Headers

Each HTTP request must include the following request headers:

  • Authorization - the value is the customer's access_token
    Authorization: bearer 222222-22222-2222-2222-222222222
  • Accept - the value must be "application/json"
    Accept: application/json
  • Content-Type - the value must be "application/json"
    Content-Type: application/json

Making a simple API Request

Quick Summary

  • Base URL for all production APIs is:
  • Base URL for all staging  APIs is
  • Include "Authorization" request header whose value is access_key, here's an example
    Authorization: bearer 222222-22222-2222-2222-222222222
  • Accept request header must be application/json
    Accept: application/json
  • Content-Type request header must be application/json
    Content-Type: application/json
GET /api/v3/hello HTTP/1.1
Connection: keep-alive
Accept: application/json
Authorization: bearer 222222-22222-2222-2222-222222222
Content-Type: application/json

The following is the HTTP response from the "hello" API.

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 18
Expires: 0
Cache-Control: no-cache
Was this article helpful?
1 out of 1 found this helpful



Please sign in to leave a comment.