PageUp APIs are secured using OAuth 2.0, which provides authentication and verification with bearer tokens which must be included in request headers.
Before generating an access token, you must obtain a client_id and client_secret from PageUp. These are referred to as 'client credentials' and can then be used to request an access token from the PageUp token endpoint. Please request these from your PageUp representative.
PageUp hosts customers all around the globe. To ensure efficient service to our customers, we use datacentres in multiple locations around the world. Each datacentre is assigned a unique identifier. Take not of the datacentre where your customer is hosted and contact your PageUp representative if clarification is required.
For example: https://login.dc2.pageuppeople.com/connect/token
| Region | Data Centre |
|---|---|
| AUS | DC2 |
| UK / EMEA | DC3 |
| US | DC4 |
| SEA | DC5 |
Root URL:
https://<environment>.<dataCentreId>.pageuppeople.com/connect/token
environment = 'login' for LIVE or 'loginuat' for UAT
dataCentreId = the data centre to connect to (e.g. dc2)
Examples:
LIVE environment for dc2: https://login.dc2.pageuppeople.com/connect/token
UAT environment for dc3: https://loginuat.dc3.pageuppeople.com/connect/token
Access to PageUp APIs is restricted through the use of OAuth scopes. Generally these are automatically provisioned as per your contract request with PageUp, however should your requirements change, you can contact PageUp to discuss the scopes enabled for your credentials.
Your client_id and client_secret is used to identify you as a consumer of PageUp APIs. To ensure the security of PageUp customer data, each client id can only be connected to one PageUp customer and one environment.
Each PageUp customer has both a UAT and LIVE environment. You will be provisioned UAT credentials until you are prepared to GO LIVE.
Security best practice highly recommends that you store your client_secret encrypted at rest, particularly if you plan to commit it to a shared repository.
To obtain these credentials please speak with your company's HR Super User or PageUp representative. HR Super Users should refer to the Requesting API Credentials article in the knowledge portal for more information (or please feel free to contact your Customer Success Manager).
Once created, access tokens are valid for n seconds as defined by the "expires_in" value. It is highly recommended that the token be reused until near expiry to improve performance.
URL:
https://<environment>.<dataCentreId>.pageuppeople.com/connect/token
METHOD:
POST
HEADER:
{Content-Type:application/x-www-form-urlencoded}
BODY:
{client_id:<clientId>,
client_secret:<clientSecret>,
grant_type:client_credentials,
scope:<accessControlScope>}
clientId = PageUp supplied ID used to identify the consumer
clientSecret = PageUp supplied secret key paired to clientId
accessControlScope = Requested access scopes. Specify either a single scope or multiple scopes (separated by a space i.e "scopeA scopeB scopeC").
{
"access_token": "the_access_token_string",
"expires_in": 300,
"token_type": "Bearer"
"scope": "Public.Application.Read Public.Application.Write"
}
access_token = Token value.expires_in = Lifetime of token in seconds.token_type = The type of token. e.g. Bearer.In endpoint requests, include the below in your header.
Header:
Authorization: Bearer <access_token>
The access token request Postman collection is available publicly below: