All direct calls to v3 Local Logic APIs use access tokens (JSON Web
Tokens) to authorize requests.
Token Retrieval
Tokens can be retrieved from the api.locallogic.co/oauth/token API with a
client_id and a client_secret as query parameters, which we will send to
you privately. Make sure to keep these credentials in a safe place!
Example:
api.locallogic.co/oauth/token?client_id={CLIENT_ID}&client_secret={CLIENT_SECRET}
will return a response similar to the following:
{
"access_token":"YOUR.ACCESS.TOKEN",
"token_type":"Bearer"
}
⚠️ The flow depicted here is for back-end code. You MUST NOT put client_id
or client_secret in front-end clients as it would result in a secret
exposure. (Anyone could look at the code and steal these credentials.)
If you need to reach the API with a front-end client, turn to the SDK. If you
have a special use case, reach out to support.
Token Usage
This token must be used in the Authorization Header for all v3 API requests.
Remember to include the word Bearer at the beginning of the authorization
string.
Issued tokens expire within 24 hours of retrieval to improve security (if a
token is somehow leaked, it won’t be usable forever), so we recommend
retrieving the token just prior to all v3 API calls. For example, in NodeJS it
could be implemented as follows: