Guides

OAuth

Suggest Edits

Authorization

Snapdocs Connect uses OAuth 2.0, an industry-standard protocol that allows us to grant access to our products and services without sharing unique credentials with a third party. The protocol defines a process that will enable limited access to resources hosted by web-based services accessed over HTTP. Tokens assigned to authenticated clients are required to access all protected resources.

1660

OAuth 2.0 Grant Type

The type of access called “OAuth 2.0 grant type” used for Snapdocs Connect is client credentials – here, the username and password are not required. Instead, you obtain the Access Token by providing only the client_id, client_secret, and the audience.

Setting up OAuth 2.0 requires getting credentials, requesting an access token, and accessing protected resources.

Client ID, Client Secret, Grant, Scope and Audience

Your Customer Success Manager will reach out to you and provide your Client ID, Client Secret, as well as a list of scopes you have access to. These API keys carry many privileges, so be sure to keep them secure!

  • client_id — the unique Client ID provided by Snapdocs.
  • client_secret — the unique Client Secret provided by Snapdocs
  • grant_type — must be set to client_credentials
  • audience — the api you intend to call using a token generated by this request, example https://api.*.snpd.io
  • scope — a space delimited list of authorization codes used to control the access to APIs, example
# Closings
closings:read:closings
closings:write:closings

# Documents
closings:read:documents
closings:write:documents

# Borrowers
closings:read:borrowers

# Esign 
closings:write:esign

# Notary
closings:read:notary

# Appointment
closings:read:appointment
closings:write:appointment

# Subscriptions
closings:read:subscriptions
closings:write:subscriptions

# Comments
closings:read:comments
closings:write:comments

Access Token

You must make a POST call to the Authorization Server's token endpoint to generate an access token.

📘

A token expires 2 hours from issue time and Snapdocs doesn't support refresh tokens.

We recommend reusing the bearer token until it is expired, then make another call to generate a new token.

Access tokens are mapped to your credentials and determine your authorization to call the approved APIs you connected to your app.

Access protected resources

All requests you make to Snapdocs Connect must contain a valid access token. Requests with invalid tokens will be denied access to the resource with the API, returning an HTTP 401 status code.

Updated about 2 months ago