API Authentication - Integration Guide
Overview
To access protected API endpoints, consumers must include an Authorization header in every HTTP request. This document explains how to acquire the token and how to include it in your API calls.
1. Obtain Access Token
To authenticate, send a POST request to the login endpoint with valid credentials.
There are two separate endpoints: one for the Agent Desk and another for the Unified Admin.
Endpoints
POST agent-manager/agent/login
POST unified-admin/keycloakLogin
Request Body
{
  "username": "test",
  "password": "yourPassword"
}
Response
{
  "statusCode": 200,
  "data": {
    "token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJGY25RNVh4Y",
    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiAOC1mOTUxLT......",
    ...
  }
}
Save the token returned in the response. This is your access token for subsequent requests.
2. Use the Token in API Requests
Add the following header to every authenticated API call:
Authorization: Bearer <your_access_token>
Without this header, secured endpoints will return 401 Unauthorized.
Error Handling
If you receive a 401 Unauthorized response:
The token may be missing, invalid, or expired.
Ensure you're including the Authorization header.
If the token has expired, prompt the user to log in again.
To update the token lifespan, see:
https://expertflow-docs.atlassian.net/wiki/x/AQAfPg
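
The flow above (log in, send the bearer header, recover from a 401) as an added Python example; it is not code from this guide or from the product. The names ApiClient, http_send and jwt_expiry, the 30-second skew margin, the HTTPS-only check and the single automatic re-login on 401 are assumptions of this example. It also assumes the token is a JWT carrying an exp claim, which is read only to decide when to log in again, never to trust the token.

```python
import base64, json, time, urllib.error, urllib.request

def http_send(method, url, headers, body=None):  # default transport (stdlib urllib)
    data = None if body is None else json.dumps(body).encode()
    headers = {"Content-Type": "application/json", **headers}
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"null")
    except urllib.error.HTTPError as err:
        return err.code, None

def jwt_expiry(token):
    """Read the exp claim for scheduling only; the signature is NOT verified here."""
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
        return json.loads(base64.urlsafe_b64decode(payload)).get("exp")
    except (IndexError, ValueError, AttributeError):
        return None

class ApiClient:  # hypothetical helper, not part of the documented API
    def __init__(self, base_url, username, password,
                 login_path="agent-manager/agent/login", send=http_send):
        if not base_url.startswith("https://"):
            raise ValueError("credentials and bearer tokens must only travel over HTTPS")
        self.base_url, self.login_path, self.send = base_url.rstrip("/"), login_path, send
        self._creds, self._token = {"username": username, "password": password}, None

    def login(self):
        status, body = self.send("POST", f"{self.base_url}/{self.login_path}", {}, self._creds)
        token = ((body or {}).get("data") or {}).get("token")
        if status != 200 or not token:
            raise PermissionError(f"login failed with HTTP {status}")  # never log the body
        self._token = token

    def _expired(self, skew=30):
        exp = jwt_expiry(self._token) if self._token else 0
        return exp is not None and exp - skew <= time.time()

    def request(self, method, path, body=None):
        for attempt in range(2):  # at most one re-login, never an endless retry loop
            if attempt or self._expired():
                self.login()
            headers = {"Authorization": f"Bearer {self._token}"}
            status, data = self.send(method, f"{self.base_url}/{path}", headers, body)
            if status != 401:
                return status, data
        raise PermissionError("still 401 after re-login; check credentials and permissions")
```

For the Unified Admin, pass login_path="unified-admin/keycloakLogin". Keep the password and token out of logs and source control.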