Access tokens

Generating and obtaining tokens for Ticket api


The second version of the Ticket API supports authorization scheme with refresh + access tokens. To work with it you'll need to use access and refresh tokens.

  • Access tokens is short-lived token (an hour) and they allow your app to access the Ticket API.

  • Refresh tokens allow you to create new access tokens. They must be saved in a secure place.

All API endpoints require an access token, so each time you access an endpoint, your request must have one.

Usage scheme

All refresh tokens must be stored and used in secure way. Refresh tokens supposed to be used from your server to create new access tokens (server to server call) which can be transferred to your client's application and then client's application can call the Ticket API.

So when your client's application needs to call the Ticket API, it can use existed access token or calls your server side application, to get a new access token. The server side application can return active access token or obtain a new one from the Ticket API.

How to Get a Refresh Token

Open Settings by clicking on your user’s avatar in the top right corner of inbox and choosing “Settings”.

Open “Installation” tab.

Open “Public API” tab.

On this page you can see your Client ID and create/delete your refresh tokens. Client ID and one of our refresh tokens are required to create short-lived access tokens.

During creating a new refresh token you will need to specify the name for this token, it could describe purposes for which do you want to use this token.

To create new access token you need to send the following request:


Obtaining new access tokens requires specifying 3 parameters: client_id, refresh_token, grant_type

A body of this particular request should be sent in x-www-form-urlencoded data format.






Must be set to 'refresh_token'




One of your refresh tokens




Your Client ID


    "access_token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJjaWQiOiIxIiwidHlwZSI6IkNvbW11bml0eSIsIm5iZiI6MTU4MjU1ODU1MiwiZXhwIjoxNTgyNTYyMTUyLCJpc3MiOiJzb2NpYWxib2FyZHMuY29tIiwiYXVkIjoiZjUyNWExNzAtOWM4OS00MGI3LWE2ODctNjczZWZkN2YyMThiIn0.rXiErxy4IlvhNs10Ovwg61mAa4cX36_E2Rw3nghD0R7KfxuIkeXBmQgPagqfEL1gk6d-W5pNQ_py2h3p23zM_g",
    "token_type": "bearer",
    "expires_in": 3599,
    "refresh_token": "c5ngLXd0zVrgN6U7jdAw2EOGd9fj0GkZEFOvdd6yEHo="

access_token from the response can be used as Bearer token to call endpoints.

You need to set it into Authorization header in the following way: Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJjaWQiOi...

Last updated