Skip to content

Accessing the API

v3 API Authorization

All direct calls to v3 Local Logic APIs use access tokens (JSON Web Tokens) to authorize requests.

Token Retrieval

Tokens can be retrieved from the API with a client_id and a client_secret as query parameters, which we will send to you privately. Make sure to keep these credentials in a safe place!

Example:{CLIENT_ID}&client_secret={CLIENT_SECRET} will return a response similar to the following:

"access_token": "YOUR.ACCESS.TOKEN",
"token_type": "Bearer"

⚠️ The flow depicted here is for back-end code. You MUST NOT put client_id or client_secret in front-end clients as it would result in a secret exposure. (Anyone could look at the code and steal these credentials.)

If you need to reach the API with a front-end client, turn to the SDK. If you have a special use case, reach out to support.

Token Usage

This token must be used in the Authorization Header for all v3 API requests. Remember to include the word Bearer at the beginning of the authorization string.

Issued tokens expire within 24 hours of retrieval to improve security (if a token is somehow leaked, it won’t be usable forever), so we recommend retrieving the token just prior to all v3 API calls. For example, in NodeJS it could be implemented as follows:

var fetch = require("node-fetch");
// call authorization API
fetch('' + new URLSearchParams({
client_id: '<CLIENT_ID>',
client_secret: '<CLIENT_SECRET>'
}), {
method: 'GET',
.then(authResponse => authResponse.json())
.then(authBody => {
var accessToken = authBody.access_token;
// call v3 API with access token
return fetch('<resource>?' + new URLSearchParams({
lat: 41.847206,
lng: -87.668825
}), {
method: 'GET',
headers: {
Accept: 'application/json',
Authorization: 'Bearer ' + accessToken
.then(response => response.json())
.then(body => {
// successful API call
.catch(error => {
// handle error
© Local Logic 2023