Authentication

To access the BudSense Partner API, you must authenticate your requests using the OAuth2 Client Credentials flow. This ensures that your integration is secure and that your application has the necessary permissions to interact with our data.

Getting Credentials

Currently, the BudSense Partner API is only available to select partners.

To get started, please reach out to the BudSense Development Team to request your unique credentials. You will be provided with:

• client_id: A unique identifier for your application.
• client_secret: A secret key used to authenticate your application.

Keep your Client Secret secure. Never share it in client-side code or public repositories.

If you need to reset your Client Secret, please reach out to the BudSense Development Team.

Authentication Flow

Requesting an Access Token

To obtain a Bearer token, send a POST request to the token endpoint.

• Endpoint: https://api.budsense.com/oauth/token
• Content-Type: application/x-www-form-urlencoded

Request Data

grant_type=client_credentials
client_id=YOUR_CLIENT_ID
client_secret=YOUR_CLIENT_SECRET
scope=budsense/read

Response

A successful response will return a JSON object containing the access token and its expiration time.

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI...",
  "token_type": "Bearer",
  "expires_in": 3600
}

Token Expiration and Refresh

• Expiration: Tokens are valid for 1 hour (3600 seconds).
• Refresh Logic: Once a token expires, you must perform the OAuth flow again to request a new access_token.

Best Practice: We recommend implementing logic to cache the token and only request a new one when the current token is near expiration or if you receive a 401 Unauthorized error.

Using the Access Token

Once you have an access token, you must include it in the Authorization header of all authenticated API requests.

Example Header

Authorization: Bearer <your_access_token>