Authentication (REST API)

Learn how to authenticate with the REST API by generating and using an access token.

In order to access the Ironclad Clickwrap REST API, you’ll need to add an access token as an HTTP authorization header to every API request. Below, you'll find how to create and use an access token for the Ironclad Clickwrap API.

🚧

Please Review the Important Notes Section

Please review the "Important Notes" section before beginning to use your access token!

Create an API Access Token

Visit Your User Profile

Visit your User Profile by clicking on your initials in the bottom left of the page to open the navigation modal and then selecting “User Profile” at the top.

Visit the User Profile page by clicking on the "User Profile" link.Visit the User Profile page by clicking on the "User Profile" link.

Visit the User Profile page by clicking on the "User Profile" link.

Create a New API Application

Next to the “API Keys” header, click on the plus sign to open the “Register an API Key” modal.

Click on the plus sign to open the modal.Click on the plus sign to open the modal.

Click on the plus sign to open the modal.

With the "Register API Key" modal open, give your API application a name and a description of what you plan to use the access token for. You can then click “Register” to move on to the next step.

"Register API Key" modal open."Register API Key" modal open.

"Register API Key" modal open.

Once you have clicked "Register", move on to the next steps to generate an access token.

Generate an Access Token

Since creating an access token uses OAuth 2.0, you’ll need to click on “Generate New Token” to generate an access token from within the UI. Alternatively, you can also generate your access token programmatically via the REST API with this endpoint.

Click the "Generate New Token" to get an access token.Click the "Generate New Token" to get an access token.

Click the "Generate New Token" to get an access token.

Using Your Access Token

When making a request to the API, you’ll need to add the access token as an Authorization HTTP Header. It should look like the following:

Authorization: Bearer YOUR_ACCESS_TOKEN
Example of the access token being used in Postman when manually added as an HTTP header.Example of the access token being used in Postman when manually added as an HTTP header.

Example of the access token being used in Postman when manually added as an HTTP header.

Important Notes

Access Token and User Permissions

When generating an access token, the access token is tied to the permissions of the user that created it. This means:

  1. If the user that generated the token no longer has access to the Ironclad Clickwrap site, the access token will no longer work. Please use care when deciding which user account to generate the access token from.
  2. Generating an access token should be created by a user with the appropriate site permissions. For example: if the user that created the access token does not have “create” permissions, then attempting to use that access token to create resources via the API may fail.

Best Practices

API Requests Must Use HTTPS

API requests must only use HTTPS (SSL). Attempting to use without SSL will not succeed and should not be used.

Secure Your Access Token

Please keep your API key secure! Do not use your API key within client-side code. Additionally, do not share them publicly or store them in any git repositories.

Rotate Your Access Token

Since access tokens are generated using OAuth 2.0, you have the ability to rotate your keys at your own discretion via the API.


What’s Next

Now that you've got your access token for the REST API, you can do all sorts of stuff. Try getting started by creating a new Request for signature.

Did this page help you?