All API requests must include a bearer token in the Authorization header:
Authorization: Bearer YOUR_API_TOKEN
Personal access tokens
The simplest way to authenticate is with a personal access token. Generate one from your dashboard settings.
Go to Settings
Navigate to Settings > Personal Access Tokens in the Plugchoice dashboard.
Create a token
Click Create Token, give it a descriptive name, and copy the token value. The token is only shown once.
Use the token
Include the token in the Authorization header of your API requests.
curl https://app.plugchoice.com/api/v3/user \
-H "Authorization: Bearer your_personal_access_token"
OAuth 2.0
For third-party integrations, Plugchoice supports OAuth 2.0. The following grant types are available:
| Grant type | Use case |
|---|
| Authorization code | Web apps that need user authorization |
| Client credentials | Server-to-server communication |
| Refresh token | Renewing expired access tokens |
| Device code | Devices without a browser (e.g., charger displays) |
Authorization code flow
Redirect to authorize
Redirect the user to the authorization endpoint:GET https://app.plugchoice.com/oauth/authorize
?client_id=YOUR_CLIENT_ID
&redirect_uri=YOUR_REDIRECT_URI
&response_type=code
&scope=
Exchange code for token
After the user grants access, exchange the authorization code for tokens:curl -X POST https://app.plugchoice.com/oauth/token \
-d grant_type=authorization_code \
-d client_id=YOUR_CLIENT_ID \
-d client_secret=YOUR_CLIENT_SECRET \
-d redirect_uri=YOUR_REDIRECT_URI \
-d code=AUTHORIZATION_CODE
Use the access token
Use the returned access_token in the Authorization header:{
"token_type": "Bearer",
"expires_in": 31536000,
"access_token": "eyJ0...",
"refresh_token": "def5..."
}
Client credentials flow
For server-to-server integrations that don’t require user authorization:
curl -X POST https://app.plugchoice.com/oauth/token \
-d grant_type=client_credentials \
-d client_id=YOUR_CLIENT_ID \
-d client_secret=YOUR_CLIENT_SECRET \
-d scope=
Refreshing tokens
Use a refresh token to obtain a new access token:
curl -X POST https://app.plugchoice.com/oauth/token \
-d grant_type=refresh_token \
-d client_id=YOUR_CLIENT_ID \
-d client_secret=YOUR_CLIENT_SECRET \
-d refresh_token=YOUR_REFRESH_TOKEN
Revoking tokens
Revoke an access token when it’s no longer needed:
curl -X POST https://app.plugchoice.com/oauth/revoke \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
Keep your client secret confidential. Never expose it in client-side code or public repositories.