Nxsys API Documentation
  1. Authentication
Nxsys API Documentation
  • Introduction
    • Nxsys API Documentation
    • Base URL and Environments
    • Handling Errors
    • Pagination
    • Best Practices
  • Authentication
    • Overview
    • Step 1: Create a Client Application
    • Step 2: Obtain Authorization Code
    • Step 3: Exchange your Authorization Code for an Access Token
    • Step 4: Refresh your Access Token
  • APIs
    • Authentication
      • Construct the Authorization URL
      • Exchange your Authorization Code for an Access Token
    • Candidates
      • Create Candidate
      • Get Candidates
      • Update Candidate
    • VAT Codes
      • Get Default VAT Codes
    • PaymentRate
      • Create Payment Rate
      • Get Payment Rates
      • Get Single Payment Rate
      • Update Payment Rate
    • Timesheet
      • Create Timesheet
      • Get Timesheets
      • Get Single Timesheet
      • Update Timesheet
    • Payslips
      • Get Payslips
  1. Authentication

Step 3: Exchange your Authorization Code for an Access Token

To authenticate API requests to the Nxsys API, you must exchange the authorization code obtained in the previous step for an access token. This token serves as the credential for secure API interactions.

Prerequisites#

Ensure you have the following before proceeding:
Client ID: Unique identifier for your application.
Client Secret: Secure key for your application.
Authorization Code: Code obtained from the authorization step.
Redirect URI: The URI registered with your application.
📌
If you lack these credentials, refer to Step 1: Register a Client Application and Step 2: Obtain an Authorization Code for guidance.

Steps to Obtain an Access Token#

1
Construct the Token Request
Prepare a POST request to the Nxsys token endpoint with the required parameters in the request body.
Endpoint:
POST {{nxsys_base_api_url}}/nxsys/oauth/token
Content-Type: application/x-www-form-urlencoded
Nxsys Base API URL
For details on configuring the base URL, see Base URL and Environments.
Request Body Parameters:
ParameterRequiredDescription
grantTypeYesSet to authorization_code.
codeYesThe authorization code from the previous step.
clientIdYesYour application's client ID.
clientSecretYesYour application's client secret.
redirectUriYesThe redirect URI used in the authorization request.
2
Execute the Request
Send the POST request to the token endpoint. Below is an example using cURL:
Replace placeholders (YOUR_AUTHORIZATION_CODE, YOUR_CLIENT_ID, etc.) with your actual values.
3
Process the Response
Upon success, the API returns a JSON response containing the access token and related details:
{
  "accessToken": "YOUR_ACCESS_TOKEN",
  "tokenType": "Nxsys-oauthtoken",
  "expiresIn": 3600,
  "refreshToken": "YOUR_REFRESH_TOKEN"
}
Response Fields:
FieldDescription
accessTokenToken used to authenticate API requests.
tokenTypeType of token, set to Nxsys-oauthtoken.
expiresInDuration (in seconds) until the access token expires.
refreshTokenToken used to obtain a new access token upon expiration.
Securely store the accessToken and refreshToken. Avoid exposing them in client-side code, public repositories, or unsecured environments.
📌

You can quickly try the API using Exchange your Authorization Code for an Access Token#

Using the Access Token#

To authenticate API requests, include the access token in the Authorization header of your requests:
Authorization: Nxsys-oauthtoken YOUR_ACCESS_TOKEN
Replace YOUR_ACCESS_TOKEN with the actual token received from the response.
Previous
Step 2: Obtain Authorization Code
Next
Step 4: Refresh your Access Token
Built with