Fixed header

All requests made to third party servers will have the same header in the following format:



x-api-key: ‘2345fghgh5vbt45fgfgf’

The name and value can be anything the client needs.

Oauth2 token

Riskline will first make a request to a third party server to fetch a token. That token will be used for all requests until the token expires, at which moment Riskline will request a new token.

Requesting token


Body: grant_type=’client_credentials’

Headers: ‘Authorization’: 'Basic base64encodedstring'

The base64encoded string represents the following:


The two values for clientid and clientsecret are provided by the client.

Response Code: 200

Body: access_token=tokengoeshere experies_in=3600

This header will be sent as follows on all requests:

‘Authorization’: ‘Bearer tokengoeshere’

Did this answer your question?