The RepTrak Platform API uses a token authentication model that requires a user to retrieve an Access Token using their private and personal Client ID and Client Secret. The user's Client ID and Secret should be protected like any username and password because they provide access to your data.

Authorization Header

Once you have retrieved your Access token through our Authentication API you will use that token in the Authorization header of your requests in the following format.

Bearer "AccessToken1234"

Retrieving your Client ID and Secret

You can access your Client ID and Client Secret for your organization through the RepTrak Platform. Head over to and log in. Then go to the Tools page in the top navigation bar. You should see your API credentials here once your API access has been configured.

Retrieving your Access Token


Client ID and Client Secret should never be used in client-side code

Note that because the following request uses your client secret, it must never be made in client-side code or in an app binary that could be decompiled. It is important that your client secret is never shared with anyone. Therefore, this API call should only be made using server-side code.

Make a POST request to the following endpoint with your ClientID and ClientSecret in the request body:

POST - <>
Code Samples are available here: API Reference: Get Access Token

    "client_id": string,
    "client_secret": string

If you pass valid credentials in this format, you’ll get a response that looks like this:

    "access_token": string,
    "token_type": "Bearer",
    "expires_in": 86400

Your new access token will expire. The access token in this example is only valid for 86400 seconds (1 day). This time will decrease as your token ages and when it expires you’ll have to repeat this process to get a new one.