How to Get an API Token for Brightflag

📌 What is an API Token?

An API Token is like a secret key that lets your app talk to Brightflag’s system safely. To get one, we need to follow these easy steps!


🛠 What You Need

  • A Brightflag Account – If you don’t have one, ask your admin or IT team.
  • A Client ID & Secret – This is like a username & password for APIs. You can get these from Brightflag Support 👉 Brightflag Help.
  • An API Testing Tool – Check with your IT team for allowed applications (e.g., API testing tools like Postman, cURL, or other alternatives).


🚀 Step 1: Choose an API Testing Tool

Before we start, make sure you have an approved API testing tool on your device. If unsure, ask your IT team for recommendations. Common tools include:

  • Command Line Tools (e.g., cURL)
  • Graphical API Clients (e.g., Postman, Insomnia)
  • Custom Scripts (Python, JavaScript, etc.)

Once you've confirmed your tool, continue below!


🔑 Step 2: Request Your API Token

We’ll now request a token from Brightflag’s system.

1️⃣ In your API tool, make a POST request to this endpoint:

```
{BASE_URL}/oauth/token
```

📍 Replace {BASE_URL} with the address for your region. The URLs in the table below already include the /oauth/token path:

| Region | Production Base URL | Sandbox (UAT) Base URL |
| --- | --- | --- |
| 🇺🇸 US | https://app.brightflag.com/oauth/token | https://app-test.brightflag.com/oauth/token |
| 🇪🇺 EU | https://enterprise.brightflag.com/oauth/token | https://enterprise-test.brightflag.com/oauth/token |
| 🇦🇺 AU | https://aus.brightflag.com/oauth/token | https://aus-test.brightflag.com/oauth/token |

✅ Use the Sandbox URL for testing or UAT environments. If you don't have a Sandbox arranged already you can discuss with your customer success manager.


📩 Step 3: Add Headers & Body

You need to tell Brightflag who you are using specific details.

🏷 Headers

| Key | Value |
| --- | --- |
| Content-Type | application/x-www-form-urlencoded |

📝 Body (x-www-form-urlencoded or form-data)

| Key | Value |
| --- | --- |
| grant_type | client_credentials |
| client_id | Your Client ID (from Brightflag Support) |
| client_secret | Your Client Secret (from Brightflag Support) |

🎉 Step 4: Send the Request & Get Your Token

Click Send or run your API call.
If everything is set up correctly, you’ll get a response like this:

```json
{
  "access_token": "aaaaaaa-bbbb-cccc-dddd-eeeeeeeeeee",
  "token_type": "bearer",
  "expires_in": 1773878400,
  "scope": "read write trust"
}
```

📜 Step 5: What the Response Means

| Field | Explanation | Example |
| --- | --- | --- |
| access_token | The token/key you use to access the API | "aaaaaaa-bbbb-cccc-dddd-eeeeeeeeeee" |
| token_type | The type of token (should always be "bearer") | "bearer" |
| expires_in | The exact time this token expires (in epoch time) | 1773878400 |
| scope | What access this token allows (e.g., read, write) | "read write trust" |

📆 1773878400 = July 18, 2025, 13:20 UTC

You can confirm this via epochconverter.com.


🔄 Step 6: Use the Token in Future Requests

To use this token for other API calls:

1️⃣ Make a new request (e.g., to fetch invoice data)
2️⃣ Add this to the headers:

| Key | Value |
| --- | --- |
| Authorization | Bearer YOUR_ACCESS_TOKEN |

Just replace YOUR_ACCESS_TOKEN with the real value from your response.
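
Steps 2 to 6 as a Python script, added here as an example (not Brightflag's own code): it builds the form-encoded request, validates the response, and reuses the token until shortly before the expiry time in expires_in. The environment variable names, the `TokenCache` class and the 60-second refresh margin are assumptions; the URL is the US sandbox endpoint from the table.

```python
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://app-test.brightflag.com/oauth/token"  # US sandbox, from the region table

def build_token_request(client_id, client_secret, url=TOKEN_URL):
    """Build the form-encoded POST from Steps 2-3 without sending it."""
    if not url.startswith("https://"):
        raise ValueError("refusing to send the client secret over a non-HTTPS URL")
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")

def parse_token_response(raw):
    """Validate the Step 4 response; expires_in is an epoch timestamp per Step 5."""
    doc = json.loads(raw)
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    return {"token": doc["access_token"], "expires_at": int(doc["expires_in"])}

def fetch_token_response():
    """Live call. Env var names are assumptions; the secret never sits in source."""
    req = build_token_request(os.environ["BRIGHTFLAG_CLIENT_ID"],
                              os.environ["BRIGHTFLAG_CLIENT_SECRET"])
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()

class TokenCache:
    """Reuse the token until shortly before it expires, then request a new one."""
    def __init__(self, fetch=fetch_token_response, skew=60, clock=time.time):
        self._fetch, self._skew, self._clock, self._tok = fetch, skew, clock, None

    def auth_header(self):
        if self._tok is None or self._clock() >= self._tok["expires_at"] - self._skew:
            self._tok = parse_token_response(self._fetch())
        return {"Authorization": "Bearer " + self._tok["token"]}

if __name__ == "__main__":
    # Constructed response so the demo runs offline; omit `fetch=` for a live call.
    sample = '{"access_token": "constructed", "token_type": "bearer", "expires_in": 4102444800}'
    print(sorted(TokenCache(fetch=lambda: sample).auth_header()))
```

The demo prints only the header name, so the token value never reaches the terminal or a log.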


💡 Extra Tips

  • 🔁 If your token expires, simply repeat the steps to get a new one.
  • 🚫 Make sure to never share your Client Secret with others.
  • 🧪 Use the Sandbox environment for testing before going live.
  • 🆘 Need help? Contact Brightflag Support.