Authentication

The VAS Developer API requires an API key and OAuth token to authenticate requests, and features a two-layer authentication model to best protect our data and resources:

Credentials to the VAS Developer API are unique to each integration partner. The VAS Integrations team manages and shares your credentials with you during the initial onboarding session. Be sure to keep all credentials and authentication details secure and do not share them in public domains.

Click here for details on generating your OAuth access token!

The VAS Integrations team will share key details to get you started:

Your client_id and client_secret, which you need to request a token
The URL for the request

Send your request:

curl --location 'https://auth.prod.vas.com/connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=your_client_id \
  --data client_secret=your_client_secret \

Receive your token and expiration details (in seconds) and a 200 OK response:

{
  "access_token":"abcdef...123456",
  "token_type":"Bearer",
  "expires_in":3599
}

NOTE:

Access tokens are currently configured to expire in 3599 seconds (almost an hour), so your application will need to authenticate hourly.
If the request fails, verify that your client_id and client_secret are correct. Contact us if you need help!

All VAS Developer API requests must be made to https://, and any calls made to http:// will fail. API requests without the required authentication will also fail.

< Return to Getting Started Overview