Authentication

Making Authenticated Requests

Include the access token in the Authorization header of your API requests:

curl -X GET "https://orbitforms.ai/api/v1/forms" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json"

Token Expiration

Access tokens expire after 1 hour. Use the refresh token to obtain a new access token without requiring the user to re-authorize.

To refresh an expired access token:

curl -X POST "https://orbitforms.ai/api/oauth/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=refresh_token" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "refresh_token=YOUR_REFRESH_TOKEN"

Authentication Errors

Status	Error	Solution
`401`	`invalid_token`	Token is expired or invalid. Refresh the token.
`401`	`token_expired`	Use your refresh token to get a new access token.
`403`	`insufficient_scope`	Request additional scopes from the user.
`429`	`rate_limited`	Too many requests. Implement exponential backoff.

Best Practices

Store tokens securely

Never expose tokens in client-side code or logs.

Proactively refresh

Refresh tokens before they expire to avoid interruptions.

Handle errors gracefully

Implement proper error handling for auth failures.

Next Steps

App Permissions

Learn about available scopes

API Reference

Make your first API call

Getting Started

Building Apps

Publishing

App Resources

Making Authenticated Requests

Token Expiration

Authentication Errors

Best Practices

Store tokens securely

Proactively refresh

Handle errors gracefully

Next Steps

App Permissions

API Reference

Getting Started

Building Apps

Publishing

App Resources

​Making Authenticated Requests

​Token Expiration

​Authentication Errors

​Best Practices

Store tokens securely

Proactively refresh

Handle errors gracefully

​Next Steps

App Permissions

API Reference

Making Authenticated Requests

Token Expiration

Authentication Errors

Best Practices

Next Steps