API Authentication

Accela API requests are authenticated based on the following:

• API Authentication Type - Determines whether an API endpoint requires an access token, app credentials, or does not require authentication.

  For Accela API endpoints that require an access token, you can choose one of the following mechanisms to get the access token:

  • Authorization code flow - Requests an intermediate authorization code before getting the access token.

  • Implicit flow - Requests an access token which is returned in a redirect URL.

  • Password credential login - Requests an access token via userid/password credentials.

• API Permission Scope - Determines which groups of resources (such as records, inspections, addresses, parcels, owners, settings, etc) an API token has access to. When you request an access token, you specify which scopes the token should grant access to. The Accela API Reference lists the scope names assigned to each API index.

When your app requests a Accela API access token, Construct authentication generates the access token using the given authentication credentials, permission scopes, client id/secret, agency name, and environment name. The client id and secret determines whether the token is for an agency or citizen app. To get your app's client id and secret values, login Developer Portal , and go to My Apps. To get the agency and environment names, contact Accela Customer Support if you are an Accela-hosted agency or contact your Construct administrator if you are an on-premise agency.