# Crewmojo API

{% hint style="info" %}
Please speak to us if you are interested in enabling this feature.
{% endhint %}

Once we have configured your API access, your Crewmojo Admin users will have access to the Client ID and Secret Key within Crewmojo.

### To get the Client ID and Secret Key

* Log on to Crewmojo web app
* Go to Company Settings (under hamburger menu in top left hand corner)
* Click on the 'Integrations' Icon:

<figure><img src="https://3642668384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MRrhLpnMBMvsP3evlwZ%2Fuploads%2FTB2WEWBpQmHPwNsucJnP%2FScreenshot%202024-02-09%20at%2012.46.13%E2%80%AFpm.png?alt=media&#x26;token=24b36c15-5b81-407b-be30-b295043aa336" alt=""><figcaption></figcaption></figure>

* Locate the API Authentication card:

<figure><img src="https://3642668384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MRrhLpnMBMvsP3evlwZ%2Fuploads%2FdF66Sx97VDaCYSwfVImg%2FScreenshot%202024-02-09%20at%2012.48.57%E2%80%AFpm.png?alt=media&#x26;token=85faa3dd-4bf9-4d33-a268-dbdc75032009" alt=""><figcaption></figcaption></figure>

* Copy the Client ID, then view the Secret Key by clicking the 'eye' icon and copy that. Note that each access to the Secret Key is logged.

To access a Crewmojo API endpoint you will firstly use the Client ID and Secret Key to get a short-lived Access Token. The Access Token is valid for 30 minutes after which time you will need to retrieve another Access Token.&#x20;

Each time you request a new Access Token, all previous Access Tokens are invalidated.

{% hint style="info" %}
A valid access methodology is to request a new Access Token before each API call to Crewmojo.
{% endhint %}

### **Request an Access Token**

**Endpoints:**

<table><thead><tr><th width="199">Environment</th><th>URL</th></tr></thead><tbody><tr><td>Test</td><td><code>https://api.test.crewmojo.com/v1/oauth/token</code></td></tr><tr><td>Production</td><td><code>https://api.crewmojo.com/v1/oauth/token</code></td></tr></tbody></table>

**Request Type:**

<mark style="color:blue;">**POST**</mark>

**Content  Type:**

<mark style="color:blue;">**application/x-www-form-urlencoded**</mark>

<mark style="color:blue;">**or**</mark>

<mark style="color:blue;">**application/json**</mark>

Crewmojo API will accept either.

**Request Body:**

<table><thead><tr><th width="178">Value</th><th>Type</th></tr></thead><tbody><tr><td>grant_type</td><td>string, must be client_credentials</td></tr><tr><td>client_id</td><td>string, retrieved from Crewmojo Admin (above)</td></tr><tr><td>client_secret</td><td>string, retrieved from Crewmojo Admin (above)</td></tr></tbody></table>

<pre><code><a data-footnote-ref href="#user-content-fn-1">example:</a>
curl -X POST 'https://api.crewmojo.com/v1/oauth/token' \
-H 'Content-Type: application/json' \
-d '{"grant_type":"client_credentials","client_id":"ccccc","client_secret":"ssss"}'
</code></pre>

**Response:**

<table><thead><tr><th width="171">Code</th><th>Description / Example</th></tr></thead><tbody><tr><td>200</td><td><p><em>Success</em></p><p>Content-Type: application/json</p><pre><code>{
  "access_token": "aaaaaaaaaaaaaaa",
  "token_type": "Bearer",
  "expires_in": 1800
}
</code></pre></td></tr><tr><td>400</td><td><p><em>Invalid Data error</em></p><p>Content-Type: application/json</p><pre><code>{
  "success": "false",
  "httpErrorCode": 400,
  "errorMessage": "Invalid data received"
}
</code></pre></td></tr><tr><td>401</td><td><p><em>Unauthorized error</em></p><p>Content-Type: application/json</p><pre><code>{
  "success": "false",
  "httpErrorCode": 401,
  "errorMessage": "Unauthorized"
}
</code></pre></td></tr><tr><td>500</td><td><p><em>Internal Server Error</em></p><p>Content-Type: application/json</p><pre><code>{
  "success": "false",
  "httpErrorCode": 500,
  "errorMessage": "Error generating access token"
}
</code></pre></td></tr></tbody></table>

[^1]: