Get started (using auth v1)

Discover how to authenticate to Youniums APIs

All requests to the Younium API must be authenticated using a JWT access token. This guide explains how to generate the required credentials, acquire a JWT token, and use it to make authenticated API calls.

Step 1: Generate an API Token and Client Credentials

  1. Open the User Profile Menu in the top-right corner (click your user name).

  2. Go to Privacy & Security.\

  3. Select Personal Tokens in the left-hand panel.

  4. Click Generate Token.\

  5. Enter a descriptive name for the token and click Create.

  6. The Client ID and Secret Key will now be displayed and will be used to generate the JWT token.

Step 2: Generate a JWT Token

Make a POST request to the /auth/token endpoint with your client credentials.

Endpoints

  • Production: https://api.younium.com/auth/token

  • Sandbox: https://api.sandbox.younium.com/auth/token

  • US Production: https://api.us.younium.com/auth/token

  • US Sandbox: https://api.us.sandbox.younium.com/auth/token

Request Header

Content-Type: application/json

Request Body

{ 
  "clientId": "<Client Id>", 
  "secret": "<Secret Key>" 
}

Successful Response

{
  "expires": "Thu, 21 Sep 2025 11:12:01 GMT",
  "expiresIn": 86400,
  "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cC...",
  "refreshToken": "4baf4774-5ef9-4983-a8d8-f4fdae7f7000"
}

  • The access token is valid for 24 hours.

  • Once expired, you must request a new token.

Error Response

If authentication fails, you may receivean error response:

{
    errors: ["<Error message>"]
}

  • 400 or 401: Invalid credentials or other authentication issues.

Step 3: Making Authenticated API Calls

Request headers:

Authorization: Bearer <JWT Token>
Content-Type: application/json
legal-entity: <Legal Entity Id or Name>

legal-entity is required if your tenant has multiple legal entities.

Common Authentication Errors

  • 401 Unauthorized

    • Token is missing, has expired, or is invalid.

  • 403 Forbidden

    • The request is authenticated, but access is blocked. Possible reasons include :

      • Invalid or missing legal-entity header.

      • Insufficient user permissions.

      • Restricted access to integrations or services.

Last updated

Was this helpful?