Skip to main content

Making Authenticated Requests

Include the access token in the Authorization header of your API requests: 
curl -X GET "https://orbitforms.ai/api/v1/forms" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json"

Token Expiration

Access tokens expire after 1 hour. Use the refresh token to obtain a new access token without requiring the user to re-authorize.
To refresh an expired access token: 
curl -X POST "https://orbitforms.ai/api/oauth/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=refresh_token" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "refresh_token=YOUR_REFRESH_TOKEN"

Authentication Errors

StatusErrorSolution
401invalid_tokenToken is expired or invalid. Refresh the token.
401token_expiredUse your refresh token to get a new access token.
403insufficient_scopeRequest additional scopes from the user.
429rate_limitedToo many requests. Implement exponential backoff.

Best Practices

Store tokens securely

Never expose tokens in client-side code or logs.

Proactively refresh

Refresh tokens before they expire to avoid interruptions.

Handle errors gracefully

Implement proper error handling for auth failures.

Next Steps

App Permissions

Learn about available scopes

API Reference

Make your first API call