Using x-kc-token
The x-kc-token is your access token for authenticating API requests with SpectaBill. Obtained by authenticating with your credentials Client ID and Client Secret, this token grants secure access to the API, allowing you to perform actions like creating products or retrieving billing data.
To use it, include the x-kc-token header with your token value in every API request. Tokens are issued via the SpectaBill authentication endpoint and are tied to your account’s permissions.
How It Works
To obtain an x-kc-token, send a POST request to the authentication endpoint with your credentials. The response includes an access token, which you then pass in the x-kc-token header for subsequent API calls. Tokens are temporary and expire, requiring periodic refresh using the same authentication process.
Obtaining Your Token
curl --request POST \
--url https://api.spectabill.com/spectabill-auth/realms/sandbox/protocol/openid-connect/token \
--header 'Accept: application/json' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data 'grant_type=client_credentials' \
--data 'client_id=YOUR_CLIENT_ID' \
--data 'client_secret=YOUR_CLIENT_SECRET'
Use the access_token value as your x-kc-token in API requests.
Tokens typically expire after a set period as indicated by expires_in.
- Use x-kc-token in every API request requiring authentication (e.g., POST, GET, DELETE to protected endpoints).
- Store tokens securely and avoid exposing them in client-side code or logs.
- Refresh tokens before they expire to maintain uninterrupted access—track expires_in and re-authenticate as needed.