Authentication

Create an Access token and learn how to authenticate on the Peoplevine REST APIs.

Authenticate with the Peoplevine APIs

Peoplevine uses short-lived JWTs (JSON Web Tokens) to authenticate requests on its APIs. Short-lived tokens last for 30 minutes before they need to be refreshed using the Refresh token. There are 3 different token types that can be created:

  • User: This token is used to authenticate to the control panel of the Peoplevine system. It is generally associated with multiple companies. It is a short-lived token that is created by authenticating on the Peoplevine api/token endpoint with the username, password, and grant_type parameters, with grant_type set to password. The company_id parameter is not used. This token has access to the api/company endpoint, which returns a list of companies associated with the user. Once a User token has been granted, it can be used to obtain a User Company token. Navigate to Generate a User Access token for more information.

  • User Company: This is the most commonly used token. A User token must be created prior to obtaining a User Company token. It is a short-lived token that is created by authenticating on the api/token endpoint using the refresh_token and access_token of the User, company_id, and grant_type parameters, with grant_type set to access_token. To obtain this token, first generate a User Access token, and then navigate to Generate a User Company Access token.

  • Customer: A short-lived token used to authenticate your customer to your app. It is created by authenticating on the api/token endpoint with the username, password, company_id, and grant_type parameters, with grant_type set to customer_password. You can go to Generate a Customer Access token for more information on how to create this token type.

More information about tokens can be found in the Peoplevine Tokens page.

Parameters

The following parameters are used to authenticate with the Peoplevine APIs.

username: The email address used to sign up for a Peoplevine account.

password: The password for the Peoplevine account.

company_id: The numeric ID associated with the Company in the Peoplevine account. This can be located in the company profile on the Control Panel.

grant_type: The authentication method used to authenticate with the API. This can be set to access_token, customer_password, or password, depending on the desired access token.

remember_me: When set to "true", the Refresh token can be used for 7 days, but when set to "false", it can only be used for 24 hours.

Generate a User Access token

API users must obtain a User Company token after receiving a User Access token to exercise the API.

To authenticate on the API, you need to make a token request on the api/token/ endpoint with the grant_type set to "password" using the following command, replacing the sample data (indicated by <>) with your information.

Example Request:

{    
    "username" : "ryan@peoplevine.com",
    "password" : "****",
    "grant_type" : "password",
    "remember_me": true
}

POST /api/token

Generate a User Access token that can be used to request a User Company Access token.

Headers

Content-Type: application/json

Authorization: Bearer <token>

Body

username (string): email address of the user

password (string): password of the user

grant_type (string): defines the type of access token being requested, in this case: "password"

remember_me (boolean): set whether the Refresh token is active for 24 hours ("false") or 7 days ("true")

Response

{
    "access_token" : "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Im9lbWFwaSJ9.eyJpYXQiOjE2MDU4MjUwODAsIm5iZiI6MTYwNTgyNTA1MCwiZXhwIjoxNjA1ODI1MzgwLCJqdGkiOiJmYzA5ZjZlOC1iOTI2LTQ2MWQtYWY2Yy01NDFmNDQzOTZlOTQiLCJzZXNzaW9uX2lkIjoidFdiTEhtblhWOWR1VDhBL1hhRVIyU2ljdmVhQm41SkU0eVF6U21JZ0FPSGdpNlZrQ2ZsNmRpSXpZRkFNT0wzM2ZIRk9NVTl5dGt2NzdKTENnYnB2OUE9PSJ9.VLRuUfLc-JWdayKnc7LJgTC1snWlC4O1Rtc-xEUMwD5nr5GTPJJpvorhg3lE4IFDEjyy0fDDac1w_e6HtDZ4s1xVMy-CBfBRsovGl6p17CgQ6sz8LaSXIkJSG9OdatdaehA9hJF4Au-_21r1sFcFrt5T1YZM3ODd4QNvEiC_fPbbXtUPsfmcl713oRrUwpoz28ktbA1pWHd0fYX8msC0z_9zD-xGRCJlye1Kul2w6i2i4LJOyovgd31SJJ-sRk5w8WVwQkIFIoUR7nUCwZYzlROOMEKjfclUfHA7RR3rUnc5hPa-8u_tfGye74Nw50pAjDkj8IDulvK1DV3S55uw8w",
    "refresh_token": "tWbLHmnXV9duT8A/XaER2SicveaBn5JE4yQzSmIgAOHgi6VkCfl6diIzYFAMOL33fHFOMU9ytkv77JLCgbpv9A==",
    "expires_in": 1800.0,
    "expires_at": "2024-05-07T18:01:13.5195053Z",
    "refresh_expires_in": 86400.0,
    "refresh_expires_at": "2024-05-08T17:31:13.5195058Z",
    "session_id": "f83b772b-7b3b-4321-8959-e6e58a6d353a",
    "token_type": "user",
    "user_id": 1234,
    "customer_id": 0
}

This token can now be used to obtain a User Company Access token.

Generate a User Company Access Token

After you have a User Access token, you can use the information in the response to request a User Company Access token. Paste the refresh_token and the access_token from the response, and modify grant_type to access_token. Then paste your company ID from your company profile in the Peoplevine control panel into the company_id parameter.

Example Request:

{
    "refresh_token" : "hC5aai+5/ad6lsmYghKVg9aM6d7kVMaGeXtVVZL0iLU=",
    "access_token" : "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25vIjoiMTM4NyIsInNlc3Npb25faWQiOiJmODNiNzcyYi03YjNiLTQzMjEtODk1OS1lNmU1OGE2ZDM1M2EiLCJyb2xlIjoiVXNlciIsInJfZXhwIjoiNjA0ODAwIiwidG9rZW5fdHlwZSI6InVzZXIiLCJuYmYiOjE3MTUxMDMwNzMsImV4cCI6MTcxNTEwNDg3MywiaWF0IjoxNzE1MTAzMDczLCJpc3MiOiJQZW9wbGVWaW5lIn0.Cw9s6MnbYSY1fz05LJ17r8PlDRco-z_IupdVYKxKsak",
    "grant_type" : "access_token",
    "company_id": 1234
}

POST /api/token

Generate a User Company Access token.

Headers

Content-Type: application/json

Authorization: Bearer <token>

Body

refresh_token (string): refresh token obtained when requesting a User Access token

access_token (string): access token obtained when requesting a User Access token

grant_type (string): defines the type of access token being requested, in this case: "access_token"

company_id (string): numeric ID of the company that you are trying to access

Response

{
    "scopes": [],
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiQWRtaW4iLCJyb2xlX2lkIjoiMSIsInVzZXJfbm8iOiIxMzg3Iiwic2Vzc2lvbl9pZCI6Ijk4ZThjMzBlLWI3ZGQtNGI4Mi1iMDI2LTVjNDFiZGY2NzdkNSIsInJfZXhwIjoiNjA0ODAwIiwiY29tcGFueV9ubyI6IjEwODciLCJ0b2tlbl90eXBlIjoidXNlcl9jb21wYW55IiwibmJmIjoxNzE1MTAzMzYyLCJleHAiOjE3MTUxMDUxNjIsImlhdCI6MTcxNTEwMzM2MiwiaXNzIjoiUGVvcGxlVmluZSJ9.H67vKgkOT9NtkpI4u510wTzbzyE0tqPUSnySXvpZZaM",
    "refresh_token": "Un1iVDyyTh5lYgcV+U+i5a6LLKrDGxNW5s5iF9swu5E=",
    "expires_in": 1800.0,
    "expires_at": "2024-05-07T18:06:02.4240725Z",
    "refresh_expires_in": 604800.0,
    "refresh_expires_at": "2024-05-14T17:36:02.4240727Z",
    "session_id": "98e8c30e-b7dd-4b82-b026-5c41bdf677d5",
    "token_type": "user_company",
    "user_id": 1234,
    "customer_id": 0
}

Now you are ready to start making requests to the Peoplevine APIs.

Generate a Customer Access token

A Customer Access token is used to authenticate your customers to your app in order for them to access your Peoplevine member portal. This token is tied to visibility privileges, so it hides any resources the customer does not have access to.

Example Request:

{
    "username" : "customer@email.com",
    "password" : "customerSecret",
    "company_id" : 1234,
    "grant_type" : "customer_password",
    "remember_me": true
}

POST /api/token

Generate a token that allows a company to access your Peoplevine member portal.

Headers

Content-Type: application/json

Authorization: Bearer <token>

Body

username (string): username of the customer

password (string): password of the customer

company_id (string): numeric ID of the company that you are trying to access

grant_type (string): defines the type of access token being requested, in this case: "customer_password"

remember_me (boolean): set whether the Refresh token is active for 24 hours ("false") or 7 days ("true")

Response

{
    "scopes": [],
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiQ3VzdG9tZXIiLCJjdXN0b21lcl90eXBlIjoiY3VzdG9tZXIiLCJjdXN0b21lcl9ubyI6Ijc4ODQ2NjciLCJjb21wYW55X25vIjoiMTA4NyIsInNlc3Npb25faWQiOiJhODAwMGU4Ny0yMmYzLTQyNzMtYmViNi1iYTA1NGM5YzNlZjkiLCJyX2V4cCI6IjYwNDgwMCIsInRva2VuX3R5cGUiOiJjdXN0b21lciIsIm5iZiI6MTcxNTIwMzEwMSwiZXhwIjoxNzE1MjA0OTAxLCJpYXQiOjE3MTUyMDMxMDEsImlzcyI6IlBlb3BsZVZpbmUifQ.CKJ6QbgbxjnY0Cmz2GVHN2l5NWSF4e3M5tPAXkpDC74",
    "refresh_token": "FvFeQxZdfgfUwtL5McxBk4oF/gBItW7IPFiCrXEdpgg=",
    "expires_in": 1800.0,
    "expires_at": "2024-05-08T21:48:21.5355266Z",
    "refresh_expires_in": 604800.0,
    "refresh_expires_at": "2024-05-15T21:18:21.5355271Z",
    "session_id": "a8000e87-22f3-4273-beb6-ba054c9c3ef9",
    "token_type": "customer",
    "user_id": 0,
    "customer_id": 1234567,
    "company_id": 1234,
    "sso_token": "OCYISXgZ3Lt4xm5hg72VG9LaqbnzT9cdDzmdkrs/f19MKQGxwCT/pF6310gKXHJjOteIDUtQf34tswOq4MiqjkW4WByamEb6lp/9HydIgS9Uew7qyutGtmPdPFVfPtYq0CWeRMU/dncAm8LTlfv9ih3HxvT88FaIKuORA76AuxFbnZIF22WFJC5UR7kyeemXd97eu2r93mpY238aq2CE/kAm8z42BDiG1JkAn1A114tA1OT4h/1eygHfZVxIDcn0oBIZueImh3ryi2ZO9xExlyi59QDY5Anb00/l+H3R4k0=",
    "ws_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiQ3VzdG9tZXIiLCJjdXN0b21lcl90eXBlIjoiY3VzdG9tZXIiLCJjdXN0b21lcl9ubyI6Ijc4ODQ2NjciLCJjb21wYW55X25vIjoiMTA4NyIsInNlc3Npb25faWQiOiJhODAwMGU4Ny0yMmYzLTQyNzMtYmViNi1iYTA1NGM5YzNlZjkiLCJyX2V4cCI6IjYwNDgwMCIsInRva2VuX3R5cGUiOiJ3c190b2tlbiIsIm5iZiI6MTcxNTIwMzEwMSwiZXhwIjoxNzE1MjA2NzAxLCJpYXQiOjE3MTUyMDMxMDEsImlzcyI6IlBlb3BsZVZpbmUifQ.FBBHCFr03soTAhCULPpZ7G4PSzgSBXH7AAD7OtkCbO8"
}

Add User Company Access token requests to your code

You can both request and refresh a token programmatically in your app code to reduce the need for manual interaction with the APIs. The TypeScript example below shows the requests. Make sure to replace the following values with your company's information to make the code work as expected.

  • username

  • password

  • company_id

// Define the base URL for the API
const baseUrl = 'https://api.peoplevine.com/api/token';

// Define the interface for the user authentication response
interface UserAuthResponse {
  refresh_token: string;
  access_token: string;
}

async function authenticate(): Promise<void> {
  try {
    // Define the JSON payload for user authentication
    const userAuthPayload = {
      username: 'example@example.com',
      password: '****',
      grant_type: 'password',
      remember_me: true,
    };

    // Send the user authentication request
    const userAuthResponse = await fetch(baseUrl, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
      },
      body: JSON.stringify(userAuthPayload),
    });

    if (!userAuthResponse.ok) {
      throw new Error('User authentication request failed');
    }

    const { refresh_token, access_token } = await userAuthResponse.json() as UserAuthResponse;

    // Define the JSON payload for company authentication
    const companyAuthPayload = {
      refresh_token,
      access_token,
      grant_type: 'access_token',
      company_id: 1234567,
    };

    // Send the company authentication request
    const companyAuthResponse = await fetch(baseUrl, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
      },
      body: JSON.stringify(companyAuthPayload),
    });

    if (!companyAuthResponse.ok) {
      throw new Error('Company authentication request failed');
    }

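    const companyAuthResult = await companyAuthResponse.json();
    // Handle the response from the company authentication request.
    // Log only non-secret fields: the access and refresh tokens are credentials.
    console.log('Token type:', companyAuthResult.token_type, 'expires at:', companyAuthResult.expires_at);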
  } catch (error) {
    // Handle any errors that occurred during the requests
    console.error('An error occurred:', error);
  }
}

// Call the authenticate function
authenticate();

This will automatically create the User Access token, then create the User Company Access token. It will also refresh a token automatically when the Access token expires.
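Added example, not Peoplevine's own code: using the expires_at, refresh_expires_at and token_type fields from the responses above, these helpers decide whether a stored token is usable, needs a refresh or needs a new login, refuse to build a header from the wrong token type, and mask token values before logging. The function names, the 60-second skew and the sample values are assumptions.

```typescript
// Added example. Field names come from the token responses on this page;
// function names and the 60-second skew are assumptions.
interface TokenResponse {
  access_token: string;
  refresh_token: string;
  expires_at: string;         // access token expiry, UTC
  refresh_expires_at: string; // refresh token expiry, UTC
  token_type: string;         // "user", "user_company" or "customer"
  [extra: string]: unknown;   // session_id, user_id, sso_token, ...
}
type TokenState = 'usable' | 'needs_refresh' | 'needs_login';

// The sample timestamps carry 7 fractional digits; trim to milliseconds so
// Date.parse gives the same result on every runtime.
function parseUtc(ts: string): number {
  const ms = Date.parse(ts.replace(/(\.\d{3})\d+/, '$1'));
  if (isNaN(ms)) throw new Error('unparseable timestamp in token response');
  return ms;
}

// What the client must do before its next API call. Tokens within skewMs of
// expiry count as expired, so no request goes out with a token about to lapse.
function tokenState(t: TokenResponse, nowMs: number, skewMs: number = 60000): TokenState {
  if (nowMs + skewMs < parseUtc(t.expires_at)) return 'usable';
  if (nowMs + skewMs < parseUtc(t.refresh_expires_at)) return 'needs_refresh';
  return 'needs_login';
}

// Build the Authorization header only from a live token of the required type.
function bearerFor(t: TokenResponse, required: string, nowMs: number): string {
  if (t.token_type !== required) {
    throw new Error('expected ' + required + ' token, got ' + t.token_type);
  }
  if (tokenState(t, nowMs) !== 'usable') throw new Error('access token expired');
  return 'Bearer ' + t.access_token;
}

// Copy of a response that is safe to log: every *_token value is masked.
function redact(t: TokenResponse): Record<string, unknown> {
  const out: Record<string, unknown> = {};
  for (const k of Object.keys(t)) out[k] = /_token$/.test(k) ? '[redacted]' : t[k];
  return out;
}

// Constructed sample (placeholder secrets, timestamps in the page's format).
const SAMPLE: TokenResponse = {
  access_token: 'header.payload.signature', refresh_token: 'placeholder-refresh',
  expires_at: '2024-05-07T18:01:13.5195053Z',
  refresh_expires_at: '2024-05-08T17:31:13.5195058Z',
  token_type: 'user', user_id: 1234,
};
```

With SAMPLE, bearerFor(SAMPLE, 'user_company', now) throws because the token type is "user", which matches the rule that a User token must first be exchanged for a User Company token.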
