Authentication

Learn how to authenticate with the Unduit API and secure your requests.

Before you begin

You'll need an Unduit account with API access enabled. Contact your account manager or reach out to sales to get started.

Overview

The Unduit API uses token-based authentication. All API requests must include a valid access token in the Authorization header. Access tokens are obtained by authenticating with your client credentials (email and password).

Authentication Flow

1. Obtain Access Token

Send your client_id (email) and client_secret (password) to the login endpoint to receive an access token valid for 4 hours.

2. Include Token in Requests

Add the access token to the Authorization header of all API requests as a Bearer token.

3. Refresh When Needed

When your access token expires (after 4 hours), use your current token with the refresh endpoint to obtain a new access token without re-entering credentials.

Step 1: Login

Make a POST request to the login endpoint with your credentials:

curl --location 'https://dev-api.unduit.com/api/v1/auth/login' \
  --header 'content-type: application/json' \
  --data-raw '{
    "client_id": "your-email@example.com",
    "client_secret": "your-password"
  }'

Response

{
  "message": "Login successful",
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MiwiZW1haWwiOiJmYWlyd2F5aW5kZXBlbmRlbnRtb3J0Z2FnZWNvcnBvcmF0aW9uQHVuZHVpdC5jb20iLCJjb21wYW55X2lkIjozMTcsImlhdCI6MTczMzMxNTY4OCwiZXhwIjoxNzMzMzE5Mjg4fQ.RNon3WMwoBrz0C0HZxi3TDSt-LjIwL38Wnrue6yvCVw"
}

Step 2: Use Access Token

Include the access token in the Authorization header for all API requests:

curl -X GET https://dev-api.unduit.com/api/v1/employees \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json"

Step 3: Refresh Token

Access tokens expire after 4 hours. Send your current access token to the refresh endpoint to get a new one:

curl --location 'https://dev-api.unduit.com/api/v1/refresh-token' \
  --header 'content-type: application/json' \
  --data-raw '{
    "refresh_token": "YOUR_CURRENT_ACCESS_TOKEN"
  }'

Security Best Practices

Store tokens securely

Never store tokens in client-side code or version control. Use environment variables or secure key management systems.

Use HTTPS only

Always make API requests over HTTPS to protect tokens in transit.

Implement token refresh logic

Automatically refresh tokens before they expire to maintain uninterrupted service.

Handle expiration gracefully

Implement proper error handling for 401 Unauthorized responses and refresh tokens automatically.
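
The refresh and 401-handling practices above, as an added Python example that is not Unduit's own code. It assumes the access token is a JWT with an exp claim (as the sample login response is) and that the refresh response returns a "token" field like login does; the environment variable names and the 5-minute refresh margin are hypothetical.

```python
import base64, json, os, time
import urllib.error, urllib.request

BASE = "https://dev-api.unduit.com/api/v1"  # host from the curl examples on this page
SKEW = 300  # assumption: renew when fewer than 5 minutes of validity remain

def http_post(url, body):
    """POST JSON and return the decoded JSON response; HTTPS only."""
    if not url.startswith("https://"):
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers={"content-type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def jwt_exp(token):
    """Read exp for scheduling only; the signature is not verified here."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))["exp"]

class TokenManager:
    def __init__(self, client_id, client_secret, post=http_post, now=time.time):
        self._id, self._secret = client_id, client_secret
        self._post, self._now = post, now
        self._token = None  # held in memory only, never written to disk

    def _login(self):
        body = {"client_id": self._id, "client_secret": self._secret}
        self._token = self._post(f"{BASE}/auth/login", body)["token"]

    def _refresh(self):
        try:  # assumption: the refresh response carries "token" like login
            self._token = self._post(f"{BASE}/refresh-token",
                                     {"refresh_token": self._token})["token"]
        except (urllib.error.HTTPError, KeyError):
            self._login()  # refresh rejected (e.g. token already expired)

    def auth_header(self, force=False):
        """Return the Authorization header, renewing the token when needed."""
        if self._token is None:
            self._login()
        elif force or jwt_exp(self._token) - self._now() < SKEW:
            self._refresh()
        return {"Authorization": f"Bearer {self._token}"}

def from_env():
    # Hypothetical variable names; keeps credentials out of source control.
    return TokenManager(os.environ["UNDUIT_CLIENT_ID"], os.environ["UNDUIT_CLIENT_SECRET"])
```

On a 401 Unauthorized response, call auth_header(force=True) once and retry the request with the returned header.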

Next Steps

Now that you understand authentication, you're ready to start making API calls: