The Workiva Developer API is secured using an OAuth 2.0 Client Credentials
Grant implementation. This authentication flow follows three steps:
- Obtain a client id and client secret.
- Using the client id and client secret, make a POST request to the
oauth2/token endpoint to exchange these credentials for a bearer
- When accessing the REST API, use the bearer token to authenticate.
Keep in mind that the consumer key/secret pair, bearer token
credentials, and the bearer token itself grant access to make requests on
your behalf. These values should be considered as sensitive as passwords
and must not be shared or distributed to untrusted parties.
This manner of authentication is only secure if SSL is used. Therefore,
all requests must use HTTPS.
Making Authenticated Requests
Step 1. Obtain a Client Id and Client Secret
First, make sure you have your client id and client secret handy. Store these
Step 2. Exchange Client Credentials for a Bearer Token
The client id and client secret must be exchanged for a bearer token by issuing
a POST request to
- The request must be an HTTPS POST request.
- The request must include a Content-Type header with the value of
- The body of the request must include
POST /<version>/oauth2/token HTTP/1.1
HTTP/1.1 200 OK
Date: Thu, 19 Jan 2017 19:41:37 GMT
"scope": "data_tables|r data_tables|w",
The value associated with the access_token field in the response is the
bearer token to use on subsequent requests.
Step 3. Authenticate API requests with the Bearer Token
The bearer token obtained in Step 2 is used to issue requests to Workiva
Developer API endpoints. To use the bearer token, construct a normal HTTPS
request and include an Authorization header with the value of
Authorization: Bearer ey...
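The three steps above as a Python client that refuses plain HTTP and never logs the full token; this is an added example, not Workiva's own code. The host in BASE_URL, the CLIENT_ID and CLIENT_SECRET environment variable names, and the RFC 6749 form fields and Content-Type value are assumptions, because the page's own values are missing.

```python
import json
import os
import time
import urllib.parse
import urllib.request

# Assumed, not from the page: placeholder host/version, and the RFC 6749
# field names (grant_type, expires_in, token_type) for the elided values.
BASE_URL = "https://api.example.invalid/v1"

def require_https(url):
    """Refuse to send credentials or tokens over anything but HTTPS."""
    if urllib.parse.urlsplit(url).scheme != "https":
        raise ValueError("refusing non-HTTPS URL: " + url)
    return url

def build_token_request(client_id, client_secret, base_url=BASE_URL):
    """Step 2: form-encoded POST to the oauth2/token endpoint (not sent here)."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id, "client_secret": client_secret,
    }).encode("ascii")
    return urllib.request.Request(
        require_https(base_url + "/oauth2/token"), data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def parse_token_response(raw, now=None):
    """Return (bearer_token, expiry_epoch) from the JSON token response."""
    doc = json.loads(raw)
    if doc.get("token_type", "bearer").lower() != "bearer":
        raise ValueError("unexpected token_type")
    now = time.time() if now is None else now
    # Renew 60 s early; a missing expires_in is treated as already expired.
    return doc["access_token"], now + max(int(doc.get("expires_in", 0)) - 60, 0)

def build_api_request(url, token):
    """Step 3: attach the bearer token, again only over HTTPS."""
    return urllib.request.Request(
        require_https(url), headers={"Authorization": "Bearer " + token})

def redact(token):
    return token[:4] + "...[redacted]"  # form of the token that is safe to log

if __name__ == "__main__":
    # Secrets come from the environment (hypothetical names), not from source.
    req = build_token_request(os.environ["CLIENT_ID"], os.environ["CLIENT_SECRET"])
    with urllib.request.urlopen(req, timeout=10) as resp:
        token, expiry = parse_token_response(resp.read())
    print("token", redact(token), "valid until", time.ctime(expiry))
```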