API Authentication

REST Authentication for FormXtract

All of Quik!'s REST API's rely upon an OAuth2 Token authentication methodology. Each call to a Quik! resource will require a valid, unexpired OAuth2 Token that must be passed in the Authentication Header of the resource's request.

Header Key: Authorization

Header Value: Bearer {{Quik! OAuth Token}} (For example, "Bearer cSEKkmV3bGGpYjfGDlQ87DI37HtI5YYMg...")

You may be able to use a single token multiple times across different service depending on the duration of the token and whether it can be regenerated. In case a request to any of our APIs returns a 401 Unauthorized error, then it means that the Quik! OAuth token expired or is invalid, so a new one must be generated.

Note: Tokens expire after 30 minutes.

How to Get a Quik! OAuth Token

In order to get a token, it's as simple as making the following POST request:

REST Authentication Server Endpoint - https://websvcs.quikforms.com/rest_authentication/token

Http Method - POST

Content-Type - application/x-www-form-urlencoded

Body - grant_type=password&username={{Quik! Username}}&password={{Quik! Password}}

As you can see above, a token request requires your Quik! username and password.

Note: Only a customer's Master Credentials are to be used when calling Quik! APIs (not end-user credentials)

Response Example

{
  "access_token": "gfD4QVol1ZF8EDBEyZG...",
  "token_type": "bearer",
  "expires_in": 86399,
  "refresh_token": "VbIW0Iip4jokW4..."
}

Note: The "access_token" property of the response (Json) is what needs to be placed in the Authorization Header of any Quik! API Request (as Bearer).

To refresh a token pass the Refresh Token that was generated when the original token was created. Not all services will allow for token refreshes.

Token Request or Refresh: https://websvcs.quikforms.com/rest_authentication/token