Visibly uses a standard OAuth 2.0 Client Credentials flow. You will perform a one-time exchange of your credentials for a temporary access token, which is then used for all subsequent API calls.
To retrieve a token, make an HTTP POST request to our token endpoint. You must include a Basic Authorization header containing your Base64 encoded credentials (clientId:clientSecret).
- Sandbox Endpoint:
https://sandbox-visibly.auth.us-east-1.amazoncognito.com/oauth2/token - Production Endpoint:
https://prod-visibly.auth.us-east-1.amazoncognito.com/oauth2/token - Header:
Authorization: Basic {{Base64(clientId:clientSecret)}} - Content-Type:
application/x-www-form-urlencoded - Body:
grant_type=client_credentials
The server returns a JSON object containing your access_token and its expiration time (usually 3600 seconds).
Example response:
{
"access_token": "eyJhbGciOiJ...",
"expires_in": 3600,
"token_type": "Bearer"
}Note: Store the expires_in value to know when to request a new token. You should request a new token before the current one expires.
Once you have the access_token, include it in the header of every GraphQL request.
- Header Key:
Authorization - Header Value:
Bearer {{access_token}}
- You can exchange your credentials for a valid
access_token. - You can successfully call the Visibly API by passing the token in the
Authorizationheader.