Authentication

Security

  • Authentication and authorization
    • The Account Management API enforces OAuth 2.0 authentication for all incoming requests.
    • Only authorized clients with valid access tokens are allowed to access protected resources.
  • Transport Security
    • All communication with the Account Management API must be performed over HTTPS.
    • The API enforces TLS 1.2 or higher.
  • Access Levels: Two access levels are supported on the Account Management API:
    • Labelpartner access level: Access is restricted to creating, accessing, updating and deleting resources that belong to this labelpartner.
    • Admin access level: All resources are accessible by this access level.


It is recommended that the Customer uses the labelpartner access level; this access is provided by default by NET2GRID upon Customer onboarding.

Using the Account Management API

To authenticate to the Account Management API, supply a client_id and client_secret to the /token endpoint to obtain an access_token. Once authenticated, the access token is used for calls to the API endpoints.


NET2GRID will provide the client_id and client_secret upon Customer onboarding, or when a new labelpartner is added to the dedicated NET2GRID Insight Platform instance created for the Customer.

Client credentials

The client_id will:

  • be a randomly generated string of 24 characters
  • include upper and lower case letters
  • include numbers
  • not include special characters

The client_secret will:

  • be a 50-character alphanumeric string
  • include upper and lower case letters
  • include numbers
  • not include special characters

Requesting a token

The token is obtained via the POST /token endpoint and is in JWT format.

An example call in cURL format is shown below:

curl --location --request POST 'https://<AM_API_BASE_URL>/v1/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' \
--data-urlencode 'client_id=<client-id>' \
--data-urlencode 'client_secret=<client-secret>' \
--data-urlencode 'grant_type=client_credentials'

The response of the token call will look like:

{
    "access_token": "<ACCESS_TOKEN>",
    "expires_in": 3600,
    "token_type": "Bearer"
}

Authenticated calls

All endpoint calls can then be executed by providing the access token in the Authorization header.

An example cURL call to the GET account endpoint is shown below:

curl --location --request GET 'https://<AM_API_BASE_URL>/v1/account/<account-id>' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer <ACCESS_TOKEN>'
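The token request and the authenticated call above, combined into an added Python helper (example code, not NET2GRID's own) that caches the token and renews it shortly before `expires_in` elapses. The base URL and credentials are placeholders for whatever the Customer received at onboarding; the `post_form` and `now` hooks exist only so this example's caching logic can be exercised offline.

```python
import json
import time
import urllib.parse
import urllib.request


class TokenClient:
    """Obtains a client-credentials token from POST /v1/token and caches it
    until shortly before `expires_in` runs out. `post_form` and `now` are
    injectable so the caching logic can be exercised offline; the default
    post_form performs the real HTTPS POST with urllib."""
    SKEW = 60  # refresh this many seconds early so in-flight calls don't get 401

    def __init__(self, base_url, client_id, client_secret,
                 post_form=None, now=time.time):
        if not base_url.startswith("https://"):
            raise ValueError("the API only accepts HTTPS; refusing " + base_url)
        self.base_url = base_url.rstrip("/")
        self.client_id, self.client_secret = client_id, client_secret
        self._post_form = post_form or self._https_post_form
        self._now = now
        self._token, self._expires_at = None, 0.0

    @staticmethod
    def _https_post_form(url, fields):
        # Same request the cURL example sends: form-encoded body, JSON back.
        body = urllib.parse.urlencode(fields).encode()
        req = urllib.request.Request(url, data=body, method="POST", headers={
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "application/json"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.loads(resp.read().decode())

    def access_token(self):
        # Re-use the cached token until it is within SKEW seconds of expiry.
        if self._token is None or self._now() >= self._expires_at - self.SKEW:
            resp = self._post_form(self.base_url + "/v1/token", {
                "client_id": self.client_id, "client_secret": self.client_secret,
                "grant_type": "client_credentials"})
            if resp.get("token_type") != "Bearer" or "access_token" not in resp:
                raise ValueError("unexpected token response: %r" % sorted(resp))
            self._token = resp["access_token"]
            self._expires_at = self._now() + float(resp["expires_in"])
        return self._token

    def auth_headers(self):
        """Headers for an authenticated call such as GET /v1/account/<account-id>."""
        return {"Accept": "application/json",
                "Authorization": "Bearer " + self.access_token()}
```

Pass `TokenClient("https://<AM_API_BASE_URL>", client_id, client_secret).auth_headers()` to any HTTP library for the account calls; the token is only re-requested once the cached one is within a minute of expiry.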