Authentication

The REST API uses the OAuth 2.0 protocol for authentication and authorization.

We will now show you how to add a new application and receive an access token. You have to add the Authorization: Bearer <access_token> header to all your REST API requests.

Add a new application

Go to [api.sipgate.com/developer](https://api.sipgate.com/developer) and log in with your credentials.

Go to api.sipgate.com/developer and log in with your credentials.

Click `Add a new application`.

Click Add a new application.

Choose your application name.

Choose your application name.

Copy your `Client Id` and `Client Secret`.

Copy your Client Id and Client Secret.

Choose your scopes

Scopes are used to grant an application different levels of access to data on behalf of the end user. As an example, the scope for sending SMS (/sessions/sms) is sessions:sms:write.

Refer to our complete list of scopes to find the appropriate scope for your application.

A word about security

It is generally a good idea to only use a minimal set of scopes to maximize security.

Receiving an access token

Use your favorite OAuth library

You can use any library of your choice if you don't want to do OAuth manually. Have a look at our examples.

If you do not want to use a library we will now show you how to get an access token.

Send your users to `https://api.sipgate.com/v1/authorization/oauth/authorize?scope=<your_scopes>&response_type=code&client_id=<your_client_id>&redirect_uri=<your_redirect_uri>`. The user will be prompted to log into their sipgate account.

Send your users to https://api.sipgate.com/v1/authorization/oauth/authorize?scope=<your_scopes>&response_type=code&client_id=<your_client_id>&redirect_uri=<your_redirect_uri>. The user will be prompted to log into their sipgate account.

After logging in a list of the requested scopes will be displayed. The user is asked to authorize your application. If the user accepts your request, he will be redirected back to your provided redirect uri with `code` attached (e.g. `http://localhost?code=<code>`)

After logging in a list of the requested scopes will be displayed. The user is asked to authorize your application. If the user accepts your request, he will be redirected back to your provided redirect uri with code attached (e.g. http://localhost?code=<code>)

After

curl \
--request POST \
--header "Content-Type: application/x-www-form-urlencoded" \
--header "Accept: application/json" \
--data "client_id=<your_client_id>&client_secret=<your_client_secret>&code=<code>&redirect_uri=<your_redirect_uri>&grant_type=authorization_code" \
https://api.sipgate.com/v1/authorization/oauth/token

You will find the access token within the response. It will probably look like this:

{
  "access_token": "<access_token>",
  "token_type": "Bearer",
  "scope": "<your_scope>"
}

You are now ready to query the REST API. Just add Authorization: Bearer <access_token> to the headers of your request. You could send an SMS for example:

curl \
--request POST \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--header "Authorization: Bearer <access_token>" \
--data '{"smsId": "<your_sms_id>", "recipient": "<phone_number>", "message": "I :love: sipgate!"}' \
https://api.sipgate.com/v1/sessions/sms

Authentication