This is an HTTPS-only API and it uses OAuth 2.0 authorization, implementing Authorization Code and Client Credential flows. All requests have to be authenticated via the Authorization header:

curl -H "Authorization: Bearer f4f4994a875f461ca4d4708b9e027df4" \
    https://api.competitionsuite.com/v3/groups

Please note that you can choose to send data as JSON or form in all POST requests on this page, as long as the appropriate Content-Type header is included.

OAuth2 Application Keys

You need to create an OAuth2 application before you can use the API. Create one by navigating to your organization > Settings > API and click Create API Key.

Client Credentials Flow

With the Client Credentials flow it is possible to retrieve an access token directly using your application id and application secret:

curl -X POST https://api.competitionsuite.com/v3/oauth2/token \
    --data "grant_type=client_credentials" \
    --data "client_id={application_id}" \
    --data "client_secret={application_secret}"
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
    "token_type":"bearer",
    "access_token":"369dbb08be58430086d2f8bd832bc1eb",
    "expires_in":7200
}

This token is valid for 2 hours and you should create a new one only after the existing token expires. Expiration will be indicated by the API responding with HTTP 401.