All PropQ API calls should be authenticated via OAuth2 client credentials flow.

In order to using the API, you must have a client id and a client secret. Contact Resales Online for these information. You have to store securely in your side. Never hardcode them in your code.

Each API call is an HTTP request with at least two headers:

• Content-Type : always be application/json . If this header is missing or not correct, the response code can be incorrect.
• Authorization : must be a string in the following format Bearer with <access_token> the is an access token grantted from our server. An access token can be cached in your system (local files, databases, …) to use in 30 days since it is created.

To get a new access token, send and HTTP POST request to https://api.propq.com/oauth/token with these parameters:

• grant_type: always be client_credentials
• client_id: your client id (should be an integer)
• client_secret: your client secret (should be a string)

If the data is valid, the response we be a JSON object with the following fields:

• access_token: the access token that you will use in other API requests
• expires_in: the number of seconds that the access token is valid. Currently, this value always be 2592000 (30 days)
• token_type: Always be Bearer

The example section gives an example of how to work with Resales Online APIs.

OAuth2

This API use OAuth2 with the client credentials flow

Security Scheme Type: OAuth2

Flow type: clientCredentials

Token URL: https://api.propq.com/oauth/token