Requesting Access Token

To get your Token you need API Keys, API Secret, Keliweb username and password.

This guide provides you with all the details to get, refresh and revoke your access token. But first, you need to get an API key (Client ID) and API Secret (Client Secret) from your Keliweb account manager. Check all API keys examples.

Access tokens have 1h lifetime (3600s). Refresh tokens expire in 10 days.


Method URI

Request Parameters

Parameter Type Description Required
grant_type string default value: password Required
client_id string The client ID provided to access APIs Required
client_secret string The client secret key provided to access APIs Required
username string The client email address Required
password string The client password Required

Response Parameters

Parameter Type Description
token_type string default value: Bearer
expires_in integer The token lifetime (in seconds)
access_token string The access token
refresh_token string The refresh token

Example Request (PHP Curl)


                    $curl = curl_init();
                    curl_setopt_array($curl, array(
                      CURLOPT_URL => "",
                      CURLOPT_RETURNTRANSFER => true,
                      CURLOPT_ENCODING => "",
                      CURLOPT_MAXREDIRS => 10,
                      CURLOPT_TIMEOUT => 0,
                      CURLOPT_FOLLOWLOCATION => false,
                      CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
                      CURLOPT_CUSTOMREQUEST => "POST",
                      CURLOPT_POSTFIELDS =>
                                    'grant_type'    => 'password',
                                    'client_id'     => 'ea9ea94e-a0c2-4b87-9834-26b218ed26a0',
                                    'client_secret' => 'MoQSElJG5MoLkVhRJCJ7jdQZVwfbrtwKKepwOsXO',
                                    'username'      => '',
                                    'password'      => 'xxxxxxx',
                      CURLOPT_HTTPHEADER => array(
                        "Content-Type: application/x-www-form-urlencoded",
                        "X-Requested-With: XMLHttpRequest"
                    $response = curl_exec($curl);
                    $err = curl_error($curl);
                    if ($err) {
                      echo "cURL Error #:" . $err;
                    } else {
                      echo $response;


Example Request (jQuery AJAX)

                    var form = new FormData();

                    form.append("grant_type", "password");
                    form.append("client_id", "ea9ea94e-a0c2-4b87-9834-26b218ed26a0");
                    form.append("client_secret", "MoQSElJG5MoLkVhRJCJ7jdQZVwfbrtwKKepwOsXO");
                    form.append("username", "");
                    form.append("password", "xxxxxxx");
                    var settings = {
                      "async": true,
                      "crossDomain": true,
                      "url": "",
                      "method": "POST",
                      "headers": {
                        "cache-control": "no-cache",
                      "processData": false,
                      "contentType": false,
                      "mimeType": "multipart/form-data",
                      "data": form
                    $.ajax(settings).done(function (response) {

Example Response (JSON payload)

                        "token_type": "Bearer",
                        "expires_in": 3600,
                        "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImYyYjBjOWNkODFiYzRmODMwOGZlNjZkZjAxZWY0MmVkZjc1YTRmMDU3NjFlODk2ZjZmZGMyMDVlZT",
                        "refresh_token": "def50200cb918cb70defe79d45f1f2193c4c0a959fd78a5c3123e5d3f33f3b8af6b1080f6c7458e910f6992f4f7b2f25da42b58ae7542950e5b402faa"